Comment by robertlagrant
16 hours ago
Why not just authenticate the user against that customer_id, and then you can pass the customer_id around as much as you like (or have a surrogate key to it for a little more security)?
A JWT with the customer_id (or surrogate) in would let you do that in serverless function.
yep, this is the plan
Oh, I must have misread? I thought the thing was a custom encryption/decryption dance instead of a signed JWT.