How to revoke a JWT token: ruclips.net/video/jzB4TfmOZyw/видео.html
Great video, very informative
Great video!
Can you use JWT in inav?
What if the token gets leaked... If a person has the token, he/she would be able to hit the API.
It would indeed be stolen and used to access the API, but then it would expire. As a dev, you'd better protect against this theft rather than figuring out how to stop a stolen one: use HTTP-only cookies and a secure HTTPS connection.
Sorry, but either you don't know what you're talking about, or you're omitting the truth? A JWT used in an authorization context is a secret, even if it doesn't contain any secret info, as they're used to perform authenticated calls!
There's much more to JWT security than what you mention, starting with where they're stored, for instance, or how they're generated (fingerprint?), or combined with other security measures.