Sep 4, 2022
"Although JWTs can be encrypted to also provide secrecy between parties, we will focus on signed tokens. Signed tokens can verify the integrity of the claims contained within it, while encrypted tokens hide those claims from other parties."
JWTs can be signed or encrypted using the same public/private key pairs, so there are effectively three levels of JWT security: unsigned, signed, and encrypted.
We can map API endpoints to these three levels: public, private, and restricted.
The data inside a JWT CAN and often is meant to be secure/private. It just depends on the requirements and proper understanding and use of the technologies.
