by peller
3447 days ago
I think you're thinking of a different attack vector, namely, forging a new JWT. Whereas the parent poster said "what would happen if I stolen his token" (for example, via XSS). So in that case, it's a legit token in the hands of a bad actor, and the signature would still be valid as far as the backend could tell.