The Payload of a JWT is Base64URL encoded, not encrypted, and that encoding is a reversible transformation that requires no key. This means anyone who has the token can decode the Payload to view its contents. For example, in a Java-based shopping app, sensitive user information should not be stored in the Payload unless it's encrypted separately.
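The following added example (not code from the original page) reads a token's Payload without the signing key and flags claims that should not be there. The token, the secret and the `SENSITIVE_CLAIMS` list are constructed assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json

# Claim names treated as sensitive: an assumption for this example, adjust per app.
SENSITIVE_CLAIMS = {"email", "address", "phone", "card_number", "password", "ssn"}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # JWT segments drop the "=" padding, so restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_token(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 token so the example runs offline."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def read_payload(token: str) -> dict:
    """Decode the Payload with no key: the signature is never consulted."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def sensitive_claims(token: str) -> list:
    """Return the claim names in the token that match SENSITIVE_CLAIMS."""
    return sorted(name for name in read_payload(token) if name.lower() in SENSITIVE_CLAIMS)


# Constructed sample: a shopping-app token that carries too much.
SAMPLE = make_sample_token({"sub": "user-1001", "email": "alice@example.com",
                            "card_number": "4111111111111111"}, b"constructed-demo-secret")

if __name__ == "__main__":
    print(read_payload(SAMPLE), "->", sensitive_claims(SAMPLE))
```

A check like `sensitive_claims` can run in tests or code review against tokens your service issues, so that a Payload carrying personal data is caught before release.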