Comment by Abdullah Oladipo on "Securing your JSON Web Tokens the correct way."

CommentSecuring your JSON Web Tokens the correct way.

Abdullah Oladipo

Software Developer

Jun 27, 2021

Nice article Taiwo, thanks for sharing. This however begs the question why do you want to encrypt your jwt since at the end of the day, you're sending it to the Frontend (unless it's for server to server communication).

One major catch for jwt is do they can be decrypted on the client side and the data displayed to the user or used for some basic controls.

When you encrypt that, you will have to share the encryption key with the frontend which makes it unsafe anymore.

What is your thought on this?

Taiwo Hassan Yusuf

Software Developer

Jun 27, 2021

Thanks for reading.

Concerning the need to encrypt ones JWT, I believe there is no right or wrong answer as it can be platform and developer specific. However, if anyone chooses to encrypt their JWTs, it is only natural that they give an alternative source of the information that would be otherwise extracted from the JWT.
To conclude, too little security is always more of a concern than too much. In the case where there is no need for the front-end to decode the JWT for any information, I believe there is no such thing as too much security. Thanks

Abdullah Oladipo

Taiwo Hassan Yusuf Got it!

Search Hashnode