by drinchev
1355 days ago
As explained in the article, if that's the case then you can't really trust the JWT anymore only for its cryptographic signature and you rely on an internal store entry that makes the token valid / invalid. This gives no benefit compared to a bearer token or any random string that the server "knows" is a valid authenticated request via an internal store, like a DB.
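The trade-off described in the comment above, as an added example that is not part of the original thread: a signature-only JWT check keeps accepting a revoked token until it expires, while the revocable variant needs the same per-request store lookup as a random opaque token. `STORE`, `KEY` and all function names are hypothetical, and the HS256 handling is a minimal stdlib sketch rather than a full JWT library.

```python
import base64, hashlib, hmac, json, secrets, time

KEY = secrets.token_bytes(32)  # constructed HS256 key for this demo
STORE = {}                     # hypothetical server-side store (stands in for a DB)

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()

def issue_jwt(user, ttl=3600):
    jti = secrets.token_urlsafe(16)
    STORE[jti] = user  # the store entry that makes revocation possible
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": user, "jti": jti, "exp": int(time.time()) + ttl}).encode())
    return f"{head}.{body}.{b64e(sign(head + '.' + body))}"

def verify_stateless(token):
    """Signature and expiry only; never touches STORE, so it cannot see a revocation."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(sign(head + "." + body), b64d(sig)):
            return None
        if json.loads(b64d(head)).get("alg") != "HS256":
            return None
        claims = json.loads(b64d(body))
    except ValueError:
        return None
    return claims if claims.get("exp", 0) > time.time() else None

def verify_with_store(token):
    """Signature check plus a store lookup on every request."""
    claims = verify_stateless(token)
    return STORE.get(claims.get("jti")) if claims else None

def issue_opaque(user):
    sid = secrets.token_urlsafe(32)
    STORE[sid] = user
    return sid

def verify_opaque(sid):
    """Random string the server 'knows': one store lookup, no signature."""
    return STORE.get(sid)

def revoke(key):
    STORE.pop(key, None)
```

After `revoke()`, `verify_stateless` still returns the claims while `verify_with_store` and `verify_opaque` both return `None`, each after exactly one store lookup.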