The issue is with just using RSA encryption without signing/hmac. Encryption is done using the public key, which means anyone with that public key could then create a valid token.
Thank you for the clarification!
We’re a place for programmers to stay up-to-date, learn new skills, and share ideas.
We’ll never post without your permission.