C# · 10mo ago
Rodersnow

What to include in JWT token

What data should be included in the JWT token, and what should be avoided to ensure security? Currently, the token includes the username, role, iss, aud, and exp.
1 Reply
Pobiega · 10mo ago
Unless you use encrypted tokens, only include non-sensitive stuff. Treat it as plain text. You should rarely need to include secret stuff though. Remember that as long as the JWT is signed, it's essentially read-only anyways.
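
The two points in the reply above, shown as an added example that is not part of the original thread: the payload of a signed JWT can be read without the key, and editing a claim makes signature verification fail. The key, claim values, issuer and audience are constructed for the demo, and HS256 with only the .NET base class library is an assumption about the setup.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

// Constructed demo key and claims (same claim set as in the question).
byte[] key = Encoding.UTF8.GetBytes("demo-signing-key-not-for-production-use");
long exp = DateTimeOffset.UtcNow.AddMinutes(15).ToUnixTimeSeconds();
string header = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}"));
string payload = B64Url(JsonSerializer.SerializeToUtf8Bytes(new {
    username = "alice", role = "user", iss = "https://issuer.example", aud = "demo-api", exp }));
string token = $"{header}.{payload}.{Sign(header + "." + payload, key)}";

// 1) Anyone holding the token can read every claim; no key is involved.
Console.WriteLine("Readable without key: " + ReadPayload(token));

// 2) Changing a claim while reusing the old signature is detected by the verifier.
string editedJson = ReadPayload(token).Replace("\"user\"", "\"admin\"");
string edited = $"{header}.{B64Url(Encoding.UTF8.GetBytes(editedJson))}.{token.Split('.')[2]}";
Console.WriteLine("Original verifies: " + Verify(token, key));
Console.WriteLine("Edited verifies:   " + Verify(edited, key));

static string B64Url(byte[] data) =>
    Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

static byte[] FromB64Url(string s)
{
    s = s.Replace('-', '+').Replace('_', '/');
    return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
}

static string ReadPayload(string jwt) =>
    Encoding.UTF8.GetString(FromB64Url(jwt.Split('.')[1]));

static string Sign(string signingInput, byte[] key)
{
    using var hmac = new HMACSHA256(key);
    return B64Url(hmac.ComputeHash(Encoding.ASCII.GetBytes(signingInput)));
}

// Signature check only; a real validator also checks alg, exp, iss and aud.
static bool Verify(string jwt, byte[] key)
{
    string[] parts = jwt.Split('.');
    if (parts.Length != 3) return false;
    byte[] expected = FromB64Url(Sign(parts[0] + "." + parts[1], key));
    try { return CryptographicOperations.FixedTimeEquals(expected, FromB64Url(parts[2])); }
    catch (FormatException) { return false; }
}
```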