If you can decode JWTs, how are they secure?
If I get a JWT and I can decode the payload, how is that secure? Couldn’t I just grab the token out of the header, decode and change the user information in the payload, and send it back with the same correct encoded secret? I know they must be secure, but I just would really …
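The scenario in the question, worked through as an added example that is not part of the original post: a JWT payload is only base64url-encoded, so anyone can read it, but the third segment is a MAC over the header and payload computed with a key that never leaves the server, so edited claims no longer match it. HS256, the key, the claims and the helper names below are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Constructed demo key (assumption): the HS256 secret lives on the server only.
SECRET = b"constructed-demo-secret"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign(claims: dict, key: bytes = SECRET) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(mac(signing_input, key))

def decode_payload(token: str) -> dict:
    # No key needed: the payload is encoded, not encrypted.
    return json.loads(b64url_decode(token.split(".")[1]))

def tamper(token: str, **changes) -> str:
    # What the question proposes: edit the claims, reuse the old signature.
    header_b64, _, sig_b64 = token.split(".")
    claims = {**decode_payload(token), **changes}
    payload_b64 = b64url(json.dumps(claims, separators=(",", ":")).encode())
    return ".".join([header_b64, payload_b64, sig_b64])

def verify(token: str, key: bytes = SECRET):
    # Returns the claims when the signature matches, otherwise None.
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None  # pin the algorithm; never trust the token's own choice
        expected = mac(f"{header_b64}.{payload_b64}", key)
        if not hmac.compare_digest(b64url_decode(sig_b64), expected):
            return None
        return json.loads(b64url_decode(payload_b64))
    except ValueError:
        return None

if __name__ == "__main__":
    token = sign({"sub": "alice", "admin": False})
    forged = tamper(token, admin=True)
    print(decode_payload(forged), verify(token), verify(forged))
```

Because the payload is readable by anyone holding the token, it should carry identifiers and claims, never secrets.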