I have the following setup:
My users could log in via jwt-token. Then I have /common-realm with two classes: User and Team.
There I store all user and team details. Every user could be in more than one team. Then for every Team there exists a /team-realm-x.
My first question: Is that the correct way to do this?
My second question: At the moment I have to use a query-based realm for the common-realm, which I read is not the best way to use in production. How can I structure my realms better? Also, is it safe to use a query-based realm? Or would it be possible for a user to query the other users / teams in the common realm?
Thanks for your inputs!