The issue is with just using RSA encryption without signing/hmac. Encryption is done using the public key, which means anyone with that public key could then create a valid token.
Thank you for the clarification!
We’re a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.