Ultimate Guide to JSON Web Token (JWT) Authorization

Bhavesh Yadav on January 16, 2024

Hey folks, Today we'll be seeing a very interesting topic i.e. JSON Web Token aka JWT. JSON Web Token (JWT) is a widely adopted standard for secur...
Priyansh Agrawal

What happens when a JWT is compromised? Since its exchange happens in an open channel (browser).

Bhavesh Yadav

Yeah, so basically if someone has your JWT token then he/she will be able to make requests to the server on your behalf, but JWTs have an expiry time, so if your JWT token is compromised then the person who has it can use it only for some time, and it will expire after whatever time is set by the server.

The main issue comes when your JWT secret is compromised, because when you create a JWT you sign it with a secret, and if that secret is compromised then you're in big trouble. The way JWT authorization works is: you give the JWT token to a server; first the server decodes it (anyone can do it: go to jwt.io and scroll down, you'll see an example); then the server takes the payload and verifies it by making another token with that payload and the secret which the server has. If the token generated by the server and the token given by the client are the same, then the token is verified (ignore the case of expiry date for now).

This is how JWT basically works behind the hood.
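The verification flow described in this reply, sketched with Python's standard library as an added example (not code from the post or its author): the server recomputes the HMAC over the received header and payload with its own secret and compares it to the signature it was given. The secret, claims and function names are constructed for illustration; the sketch also rejects expired tokens and any header that names an algorithm other than HS256.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed value; a real key is long, random and stored server-side

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign(payload, secret):
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(mac(signing_input, secret))

def verify(token, secret, now=None):
    """Return the claims if signature and expiry check out, else raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        payload = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the server; never let the token choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Recompute the MAC over the bytes as received; compare in constant time.
    if not hmac.compare_digest(sig, mac(head_b64 + "." + body_b64, secret)):
        raise ValueError("bad signature")
    exp = payload.get("exp") if isinstance(payload, dict) else None
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("expired or missing exp")
    return payload

if __name__ == "__main__":
    token = sign({"sub": "alice", "exp": int(time.time()) + 300}, SECRET)
    print("claims:", verify(token, SECRET))
    # The payload is only base64url-encoded: readable by anyone, no secret needed.
    print("readable without secret:", b64url_decode(token.split(".")[1]))
    try:
        verify(token, b"some-other-key")
    except ValueError as err:
        print("different key ->", err)
```
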