Lars Wächter
CS Student | Software Developer
Maybe I'm wrong but I don't know how this should work.
When you use the user's password to sign the JWT, how can you unsign it later on? How do you know which password you have to take to unsign the token?
Yashu Mittal
Full Stack Dev
What do you mean by un-signing the token?
The part when the JWT is decrypted and you extract the payload from it.
Phil Nash
Developer relations engineer at DataStax
Lars Wächter JWTs aren't necessarily encrypted. The data is base64 encoded, but can be decoded easily. The key is that the signature can only be generated from the contents of the JWT being signed by a secret of some sort.
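Added example, not part of any comment in this thread: a sketch of how a server can tell which per-user secret to check an HS256 token against. It reads the unverified `sub` claim from the base64url payload, looks up that user's secret, then recomputes the signature. The `SECRETS` table, the user names, and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed per-user signing secrets (assumption: derived server-side per user).
SECRETS = {"lars": b"constructed-secret-lars", "yashu": b"constructed-secret-yashu"}

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign(claims, secret):
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def read_unverified(token):
    # No key involved: the payload is only encoded, so anyone can read it.
    return json.loads(b64url_decode(token.split(".")[1]))

def verify(token, secrets):
    """Return the claims if the signature checks out, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None  # pin the algorithm; never trust the header's choice
    if not isinstance(claims, dict) or not isinstance(claims.get("sub"), str):
        return None
    # The unverified "sub" claim only selects which secret to try.
    secret = secrets.get(claims["sub"])
    if secret is None:
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return claims if hmac.compare_digest(sig, expected) else None
```

Nothing read from the payload is trusted until `verify` returns the claims; a token that names one user but was signed with another user's secret fails the comparison.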