by mswehli 2313 days ago
Well no, JWT tokens are there to validate that a call can be made, e.g. that whoever has made the HTTP call to your API server has been allowed to do so by the user. JWT tokens aren't there to tell you what the user themselves is allowed to do. What the user is allowed to do is an entirely different thing, and you shouldn't rely on bearer tokens to tell you that.
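As an added example (not code from the comment above or from any project it refers to), here is a minimal server-side check in the shape the comment argues for: the JWT proves that the call was authorized and has not expired, while what the user may actually do comes from server-side state rather than from any claim inside the bearer token. The signing key, the permission table and the action names are constructed for the demo.

```python
import base64, hashlib, hmac, json, time
# Constructed demo signing key; a real service would load it from secret storage.
SECRET = b"demo-signing-key-not-for-production"
# Server-side record of what each user may do (constructed sample); the token is never consulted for this.
PERMISSIONS = {"alice": {"read:reports"}, "bob": {"read:reports", "delete:reports"}}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(sub: str, ttl: int = 3600, now=None) -> str:
    # The token only records who authorized the call and until when.
    now = int(time.time()) if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": sub, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def verify_token(token: str, now=None):
    # Returns the claims when signature and expiry check out, otherwise None.
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        return None
    # Pin the algorithm server-side; the token must not choose it (rejects "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims

def authorize(token: str, action: str, now=None) -> bool:
    # Authentication comes from the token; authorization from server-side state.
    claims = verify_token(token, now)
    if claims is None:
        return False
    return isinstance(claims.get("sub"), str) and action in PERMISSIONS.get(claims["sub"], set())
```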