Hacker News
by kevlened 3034 days ago
Just to be clear, JWTs may be encrypted (JWE), but are almost always just signed (JWS). Don't store data you don't mind exposing in a signed JWT.
1 comment

Since I was looking into GDPR: a JWT token containing signed data may potentially be a source of private data (i.e., you store the username there), and therefore you have to have a way to clear it and/or ensure that it is encrypted in transit.
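The point both comments make (a signed JWT is readable by anyone who holds it, so a username or e-mail placed in the claims is exposed) can be shown directly. The Python below is an added example, not code posted by either commenter: it builds an HS256-signed compact JWS with a constructed key and constructed claims, decodes the payload without the key, and then shows what the signature actually buys you (detecting tampering), which is a separate property from confidentiality. The key, the claims, and the helper names are assumptions for the demo.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def b64url_encode(data: bytes) -> str:
    """base64url without '=' padding, as the JWS compact serialization requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Reverse of b64url_encode; re-adds the padding the encoder stripped."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Produce header.payload.signature with an HMAC-SHA256 over header.payload.

    Note what is NOT done here: the claims are base64url-encoded JSON, never
    encrypted. Signing protects integrity, not confidentiality.
    """
    header = {"alg": "HS256", "typ": "JWT"}
    header_b64 = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    payload_b64 = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{b64url_encode(sig)}"


def read_claims_unverified(token: str) -> dict:
    """What any party holding the token can do: read the claims with no key at all."""
    _header_b64, payload_b64, _sig_b64 = token.split(".")
    return json.loads(b64url_decode(payload_b64))


def verify_hs256(token: str, key: bytes) -> Optional[dict]:
    """Return the claims only if the signature checks out under `key`, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        return None  # the verifier, not the token, decides which algorithm is acceptable
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))


# Constructed demo inputs (assumptions for this example, not real secrets or users).
DEMO_KEY = b"constructed-demo-signing-key"
DEMO_CLAIMS = {"sub": "alice", "email": "alice@example.com", "role": "user"}


def demo() -> dict:
    """Run the three checks and return their results so they can be asserted on."""
    token = sign_hs256(DEMO_CLAIMS, DEMO_KEY)

    # 1. Confidentiality: no key needed to read the payload.
    leaked = read_claims_unverified(token)

    # 2. Integrity: swap the payload for one claiming a different role; the
    #    old signature no longer matches, so verification rejects it...
    header_b64, _old_payload, sig_b64 = token.split(".")
    forged_payload = b64url_encode(json.dumps({"sub": "alice", "role": "admin"}).encode())
    forged = f"{header_b64}.{forged_payload}.{sig_b64}"

    # 3. ...but an unverified decode still happily returns the forged claims.
    return {
        "leaked_email": leaked["email"],
        "verified_with_right_key": verify_hs256(token, DEMO_KEY),
        "verified_with_wrong_key": verify_hs256(token, b"some-other-key"),
        "forged_verifies": verify_hs256(forged, DEMO_KEY),
        "forged_read_unverified_role": read_claims_unverified(forged)["role"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The takeaway matches the thread: `read_claims_unverified` needs nothing but the token, so any claim you put in a JWS is visible to the client, to proxies that log `Authorization` headers, and to anyone who obtains the token later. If the claims must stay private, use JWE (or keep the data server-side and put only an opaque identifier in the token); TLS protects the token in transit but not once it is stored or logged.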