Payload is part of the JWT and anyone can decode it jwt.io, however the client can't change the payload as the server is the only one having the key it was signed with and with that key can verify that the JWT is valid.
right!!👍
Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink.
Hide child comments as well
Confirm
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Payload is part of the JWT and anyone can decode it jwt.io, however the client can't change the payload as the server is the only one having the key it was signed with and with that key can verify that the JWT is valid.
right!!👍