I am talking about JWT at the top of this article.
The decoded is
Not sure if it is safe as sometimes it contains email and phone number as well. stackoverflow.com/questions/388975...
It's not inherently safe, no; not unless you apply an encryption scheme to it. But it's not meant to be. JWT, as the name implies, is just a stateless self-contained token used to identify the entity making a request, using a token that was issued by a trusted authority after the entity authenticated itself. It's essentially an immutable receipt for your authentication, that you can then show to the API server that "yes, I am authenticated - this is who I am", without needing any maintained state on the API server. The API server will then use this information to validate whether you have access to the operations you're trying to carry out.
The token is not a good place for transmitting sensitive information in general, and especially not when it's not encrypted.
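To make the two points in this reply concrete (the payload is readable by anyone holding the token, while the signature makes it an immutable, statelessly verifiable receipt), here is an added example that is not part of the original thread and not anyone's production code. It assumes a plain HS256 setup with a constructed shared secret and uses only the Python standard library; the claim values are made up for illustration.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed example secret for the demo; a real issuer keeps this (or a private key) out of the token.
SECRET = b"example-shared-secret-do-not-reuse"


def _b64url_encode(raw: bytes) -> str:
    """base64url without '=' padding, the encoding JWT uses for all three segments."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Restore the padding that JWT strips, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, secret: bytes) -> str:
    """Issuer side: build header.payload.signature. Only the signature needs the secret."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        f"{_b64url_encode(json.dumps(header, separators=(',', ':')).encode())}."
        f"{_b64url_encode(json.dumps(claims, separators=(',', ':')).encode())}"
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def read_claims_without_key(token: str) -> dict:
    """Anyone who sees the token can read the payload: it is encoded, not encrypted."""
    _, payload_b64, _ = token.split(".")
    return json.loads(_b64url_decode(payload_b64))


def verify_token(token: str, secret: bytes, now: Optional[float] = None) -> Optional[dict]:
    """API-server side, fully stateless: recompute the MAC, pin the algorithm, check expiry.
    Returns the claims on success and None on any failure."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    # The verifier decides the algorithm; the token must never be allowed to choose it.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        return None
    return claims


def swap_payload(token: str, new_claims: dict) -> str:
    """Replace the payload but keep the original signature: this is what 'immutable' protects against.
    The result decodes fine but fails verify_token, because the MAC no longer matches."""
    header_b64, _, sig_b64 = token.split(".")
    return f"{header_b64}.{_b64url_encode(json.dumps(new_claims, separators=(',', ':')).encode())}.{sig_b64}"


if __name__ == "__main__":
    # Constructed claims; note the email is readable by anyone who gets the token.
    token = mint_token({"sub": "user-42", "email": "alice@example.com", "exp": 2000000000}, SECRET)
    print("readable without key:", read_claims_without_key(token))
    print("verified by server:  ", verify_token(token, SECRET))
    print("after tampering:     ", verify_token(swap_payload(token, {"sub": "admin"}), SECRET))
```

Running it shows the asymmetry the reply describes: `read_claims_without_key` returns the email without knowing the secret, while `verify_token` accepts the original token and rejects the same token with a swapped payload, a wrong key, or an expired `exp`. If a claim must not be readable by the bearer or by anyone on the path, it either stays on the server or the token is wrapped in an encryption layer (JWE); signing alone does not hide it.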