by sAbakumoff 3262 days ago
> Developers think that the data is encrypted, when it's only base64'd

Doesn't it depend on the specific implementation? For example, I have been using the github.com/dgrijalva/jwt-go package to build a token, add claims and sign it, along with github.com/auth0/go-jwt-middleware to validate the requests. The JWT in that case is signed and encoded as a string using the secret.

1 comments

jwt-go says right in the readme that it is not encrypted:

>> It's important to know that JWT does not provide encryption, which means anyone who has access to the token can read its contents. <<

Okay, let's say that a 3rd party read the user id which my app keeps in a JWT token. What would they do with it?
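
The distinction the readme quote draws, as an added example that is not part of the thread and is not jwt-go's code: a standard-library Go program that builds an HS256 token, reads its claims with no key, and checks the signature with the key. The function names, the `user_id` claim and the secret are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

func sig(msg string, secret []byte) string {
	h := hmac.New(sha256.New, secret)
	h.Write([]byte(msg))
	return b64.EncodeToString(h.Sum(nil))
}

// Sign builds base64url(header).base64url(claims).base64url(HMAC-SHA256).
func Sign(claims map[string]interface{}, secret []byte) string {
	body, _ := json.Marshal(claims)
	msg := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return msg + "." + sig(msg, secret)
}

// ReadClaims decodes the payload without any key: the secret protects integrity, not secrecy.
func ReadClaims(token string) (claims map[string]interface{}, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("not a compact JWT")
	}
	raw, err := b64.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &claims)
	}
	return claims, err
}

// Verify recomputes the HMAC over header.payload; only a holder of the secret can make it match.
func Verify(token string, secret []byte) bool {
	i := strings.LastIndex(token, ".")
	return i > 0 && hmac.Equal([]byte(token[i+1:]), []byte(sig(token[:i], secret)))
}

func main() {
	tok := Sign(map[string]interface{}{"user_id": 42}, []byte("constructed-demo-secret"))
	claims, _ := ReadClaims(tok) // readable by anyone holding the token
	fmt.Println(claims, Verify(tok, []byte("constructed-demo-secret")))
}
```

Claims that must stay confidential need an encrypted token format or should be kept server-side; the signature only lets the server detect a modified payload.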