loading...

re: A Brief Introduction to Securing Applications with JWT VIEW POST

TOP OF THREAD FULL DISCUSSION
re: How can JWT be secure, if I can see the content inside it regardless of having the SECRET KEY? jwt.io/#debugger-io
 

The attacker can't benefit from having this data, since it doesn't have any sensitive information as mentioned in the article. Any user can 'claim' that he has the permission to do anything till whatever expiry date he chooses but he needs to prove that using the signature which he doesn't have control on.

Code of Conduct Report abuse