DEV Community


Discussion on: How to securely store JWT tokens.

learnitmyway

"This is achieved by verifying the received token with the exact same key that was used to sign it in the first place" - If I understand this correctly, this would be a symmetric key. It is also possible to have an asymmetric key that uses a public and private key. See also

George Koniaris Author

Yes, that's correct. I think it's useful when the client wants to verify that the token was issued by a specific authority. Have you ever used it like this?
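
The two signing models discussed in this thread, side by side, as an added example that is not part of the article or of either comment. It uses only Node's built-in `crypto` module; `signJwt`, `verifyJwt`, the keys and the claims are hypothetical names and constructed sample values.

```javascript
const nodeCrypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Sign a payload as a compact JWT. HS256 uses one shared secret;
// RS256 signs with the issuer's private key.
function signJwt(payload, alg, key) {
  if (alg !== 'HS256' && alg !== 'RS256') throw new Error('unsupported alg');
  const input = `${b64url(JSON.stringify({ alg, typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  const sig = alg === 'HS256'
    ? nodeCrypto.createHmac('sha256', key).update(input).digest()
    : nodeCrypto.sign('sha256', Buffer.from(input), key);
  return `${input}.${b64url(sig)}`;
}

// Verify a token against ONE expected algorithm; return the payload or null.
// Pinning the algorithm keeps the token's own header from choosing the check.
function verifyJwt(token, expectedAlg, key) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header;
  try { header = JSON.parse(Buffer.from(h, 'base64url').toString()); } catch { return null; }
  if (header?.alg !== expectedAlg) return null;
  const input = Buffer.from(`${h}.${p}`);
  const sig = Buffer.from(s, 'base64url');
  let ok;
  if (expectedAlg === 'HS256') {
    // Symmetric: recompute the MAC with the same secret the signer used.
    const mac = nodeCrypto.createHmac('sha256', key).update(input).digest();
    ok = mac.length === sig.length && nodeCrypto.timingSafeEqual(mac, sig);
  } else if (expectedAlg === 'RS256') {
    // Asymmetric: the public key can check a signature but cannot create one.
    ok = nodeCrypto.verify('sha256', input, key, sig);
  } else {
    return null;
  }
  return ok ? JSON.parse(Buffer.from(p, 'base64url').toString()) : null;
}

// Constructed sample keys and claims.
const sharedSecret = nodeCrypto.randomBytes(32);
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const claims = { sub: 'user-123', iss: 'auth.example' };

const hsToken = signJwt(claims, 'HS256', sharedSecret); // verifier must hold the secret
const rsToken = signJwt(claims, 'RS256', privateKey);   // verifier needs only publicKey
console.log(verifyJwt(hsToken, 'HS256', sharedSecret), verifyJwt(rsToken, 'RS256', publicKey));
```

With HS256, every party able to verify a token can also mint one; with RS256, only the holder of the private key can issue tokens, so the public key can be handed to clients.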