re: 7 Best Practices for JSON Web Tokens VIEW POST

VIEW PARENT COMMENT VIEW FULL DISCUSSION

The issue is with just using RSA encryption without signing/hmac. Encryption is done using the public key, which means anyone with that public key could then create a valid token.

code of conduct - report abuse