Not always ... The problem here is : "jwt is an abstract" . You will never create a jwt .
You will create a jws or a jwe . Jws is a signed jwt, the one presented here, no security about reading the body .
Jwe is an encrypted jwt, you can't read it without the private key .
Jws can be useful because you can read the expiration, or validate the signature with a jwks .. but the content is readable
Oh cool, I was just using jwt.io as my source so I guess that's a jws implementation.
Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink.
Hide child comments as well
Confirm
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Not always ... The problem here is : "jwt is an abstract" . You will never create a jwt .
You will create a jws or a jwe .
Jws is a signed jwt, the one presented here, no security about reading the body .
Jwe is an encrypted jwt, you can't read it without the private key .
Jws can be useful because you can read the expiration, or validate the signature with a jwks .. but the content is readable
Oh cool, I was just using jwt.io as my source so I guess that's a jws implementation.