C#•2y ago

What to include in JWT token

What data should be include into the JWT token, and what should be avoided to ensure security? Currently, the token includes the username, role, iss, aud, and exp

Pobiega•2/26/24, 8:19 PM

unless you use encrypted tokens, only include non-sensitive stuff. treat it as plain text

Pobiega•2/26/24, 8:20 PM

you should rarely need to include secret stuff thou, remember that as long as the JWT is signed, its essentially read-only anyways