by jsiepkes 437 days ago
> Also, a JWT only leaks sensitive data if you purposely want the JWT to ship sensitive data. Nothing forces you to do that.

TFA says a JWT _may_ expose sensitive data. Which is, as you yourself confirm, true.

2 comments

> TFA says a JWT _may_ expose sensitive data. Which is, as you yourself confirm, true.

Not really. The complaint about JWTs leaking sensitive data reads like the bike fall meme. It's like complaining that REST APIs expose sensitive data if not encrypted. Well, that's not a REST trait or something caused by REST, is it? It's you who somehow decided to leak sensitive data through an interface. That's hardly the technology's fault.

By that logic cookies could leak sensitive data too.
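
Added example, not part of the thread: the payload of a signed JWT (JWS) is base64url-encoded JSON, so whoever holds the token can read its claims without the key. The sketch below signs two constructed tokens and audits their claims against a hypothetical deny-list (`SENSITIVE_CLAIMS`); the key, claim names and values are all made up.

```python
import base64, hashlib, hmac, json

# Hypothetical deny-list of claim names a reviewer would not want in a readable token.
SENSITIVE_CLAIMS = {"email", "ssn", "password", "dob", "phone", "address"}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Issuer side: build a compact JWS (signed, not encrypted)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(mac)}"

def read_claims_without_key(token: str) -> dict:
    """What any holder of the token can do: decode the payload, no key needed."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (a 5-part token is an encrypted JWE)")
    return json.loads(b64url_decode(parts[1]))

def audit_claims(token: str) -> list:
    """Return sorted claim names matching the deny-list, including nested objects."""
    found = set()

    def walk(node):
        if isinstance(node, dict):
            for name, value in node.items():
                if name.lower() in SENSITIVE_CLAIMS:
                    found.add(name)
                walk(value)
        elif isinstance(node, list):
            for item in node:
                walk(item)

    walk(read_claims_without_key(token))
    return sorted(found)

# Constructed sample tokens; the key and all claim values are made up.
KEY = b"constructed-demo-key"
LEAKY = sign_hs256({"sub": "u-1001", "email": "alice@example.com",
                    "profile": {"ssn": "000-00-0000"}}, KEY)
LEAN = sign_hs256({"sub": "u-1001", "scope": "read"}, KEY)

if __name__ == "__main__":
    print(read_claims_without_key(LEAKY))
    print(audit_claims(LEAKY), audit_claims(LEAN))
```

The signature only protects integrity; a check like `audit_claims` belongs on the issuer side, before a token is ever handed out.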