Team JWT, I have created a token using jwt.sign, where I passed my own secret, and then I copied the token and pasted it on the jwt.io website. I was amazed that it decodes my token without any secret
and shows usernames and passwords.
Here is the token for demo purposes: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2Vybm1hZSI6InNzYXR5YW1jaGF1aGFuIiwicGFzc3dvcmQiOiJ3aHlpdGlzbWUiLCJpYXQiOjE1ODUxMzM0ODMsImV4cCI6MTU4NTM5MjY4M30.bKtmn03-ZnAAzNxnNk9ZPlrsbbk8lUThMt24gwL-r2w
I just wanted to know: is it secure to do token-based authentication in a web app?
Hoping for a quick response.
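
Added example, not part of the original post and not code from the jsonwebtoken project: an HS256 token's header and payload are only base64url-encoded, so anyone can read them, while the secret is needed solely to check the signature. The function names, the secret and the claims are constructed for illustration, and only Node.js built-ins are used.

```javascript
// Added example: constructed secret and claims, Node.js built-ins only.
const crypto = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");

// An HS256 token is base64url(header).base64url(payload).base64url(HMAC).
function signHS256(payload, secret) {
  const header = { alg: "HS256", typ: "JWT" };
  const signingInput = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.createHmac("sha256", secret).update(signingInput).digest();
  return `${signingInput}.${b64url(sig)}`;
}

// What a decoder page does: base64url-decode two segments. No key is involved.
function decodeWithoutSecret(token) {
  const [h, p] = token.split(".");
  return {
    header: JSON.parse(Buffer.from(h, "base64url").toString("utf8")),
    payload: JSON.parse(Buffer.from(p, "base64url").toString("utf8")),
  };
}

// What the server must do: recompute the HMAC with the secret and compare.
function verifyHS256(token, secret) {
  const parts = token.split(".");
  if (parts.length !== 3) return false;
  const [h, p, s] = parts;
  let header;
  try { header = JSON.parse(Buffer.from(h, "base64url").toString("utf8")); } catch { return false; }
  if (!header || header.alg !== "HS256") return false; // pin the algorithm, do not trust the header
  const expected = crypto.createHmac("sha256", secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, "base64url");
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Swap the payload segment while keeping the original signature.
function tamperPayload(token, newPayload) {
  const [h, , s] = token.split(".");
  return `${h}.${b64url(JSON.stringify(newPayload))}.${s}`;
}

const SECRET = "constructed-demo-secret"; // constructed value
const token = signHS256({ sub: "user-123", role: "user" }, SECRET);
const forged = tamperPayload(token, { sub: "user-123", role: "admin" });
console.log(decodeWithoutSecret(token).payload); // readable without the secret
console.log(verifyHS256(token, SECRET), verifyHS256(forged, SECRET));
```

The signature gives integrity, not confidentiality: keep passwords and other secrets out of the claims and carry only an identifier such as `sub`.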