DEV Community

Discussion on: Threat Modelling Serverless

Tanya Janca

Hi! The signature makes sure that you know who sent it, but it can still (unfortunately) be decrypted. It cannot be modified, so the integrity is intact, but the confidentiality (assuming someone got a copy of it) would not be intact. JWTs are great for many things, but for sending sensitive information they are not a good choice.

I have a blog post with a bit more info here, let me know if it helps: code.likeagirl.io/pushing-left-lik...

Also, this post might provide a bit of context:
(summary: putting sensitive info in parameters is not a good idea)
code.likeagirl.io/pushing-left-lik...

If that doesn't make sense let me know and I'll write more. :)

Thank you for reading.
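The integrity-versus-confidentiality point above, as an added example (this is not code from the original comment or from the linked posts). A signed JWT (a JWS in compact serialization) is base64url-encoded, not encrypted: anyone holding the token can read every claim without the key, while changing a claim invalidates the signature. The block below builds an HS256 token with the standard library only, reads its payload without the key, and shows a tampered copy failing verification. The signing key and the claims are constructed for the example and are not real.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Hypothetical signing key, constructed for this example only.
SECRET = b"demo-signing-key-not-for-production"


def b64url_encode(data: bytes) -> str:
    """JWT uses base64url without '=' padding (RFC 7515 section 2)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore the stripped padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: dict, key: bytes) -> str:
    """Build an HS256-signed JWT: header.payload.signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def read_claims_without_key(token: str) -> dict:
    """The payload is only encoded, so no key is needed to read it."""
    _, payload_b64, _ = token.split(".")
    return json.loads(b64url_decode(payload_b64))


def verify_jwt(token: str, key: bytes) -> Optional[dict]:
    """Return the claims if the HS256 signature is valid, otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        return None
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: never let the token choose it ("none", RS256 swap).
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(
        key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))


def tamper_with_claims(token: str, new_claims: dict) -> str:
    """Replace the payload but keep the original signature (an attacker's attempt)."""
    header_b64, _, sig_b64 = token.split(".")
    payload_b64 = b64url_encode(json.dumps(new_claims, separators=(",", ":")).encode())
    return f"{header_b64}.{payload_b64}.{sig_b64}"


if __name__ == "__main__":
    # Constructed sample claims; the "ssn" value is fake.
    token = make_jwt({"sub": "alice", "ssn": "123-45-6789"}, SECRET)
    print("payload read without the key:", read_claims_without_key(token))
    print("verified with the key:", verify_jwt(token, SECRET))
    forged = tamper_with_claims(token, {"sub": "admin", "ssn": "123-45-6789"})
    print("forged token verifies?", verify_jwt(forged, SECRET) is not None)
```

Running it shows the two halves of the comment: `read_claims_without_key` recovers the fake SSN from the token with nothing but string splitting and base64, so anyone who captures the token (proxy logs, browser history, a leaked Authorization header) reads it, while `verify_jwt` rejects the forged token because the HMAC no longer matches. If a claim must stay private in transit and at rest, encrypt it (JWE) or keep it server-side and put only an opaque reference in the token.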