1

This question is similar to this question.

However, in this case I am referring specifically to HTTPS, not HTTP.

If the connection is encrypted with HTTPS, I don't see how a JWT could become compromised any more than an HTTP POST.

I do agree it is always best to lock the JWT down as much as possible with expiration, single use, etc., but in my case, I have no choice but to put it in a URL as I cannot use a POST. But I really don't see a security advantage to the POST.

Greg Gum
  • 1
    Should be, yes ... https://stackoverflow.com/questions/499591/are-https-urls-encrypted – Asons May 05 '18 at 23:01

1 Answer

2

Sure, HTTP path and query parameters are encrypted when using HTTPS. There's no risk of someone intercepting the token in transit.

The problem with putting security sensitive info in the path or query parameters is that you risk exposing them via caches and logs. Most server side logging will log the entire URL and thus log the JWT token in your case.

Also, the browser's cache will contain the JWT token, which may leak to another user using the same account.

MvdD
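The log exposure described in the answer above, as an added example that is not part of the original post: a scrubber that finds JWTs in logged request URLs and masks them before the log is stored or shipped. The log lines, paths, parameter names and token are constructed for illustration.

```python
import base64
import json
import re

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

# Constructed sample token, not a real credential: header.payload.signature
SAMPLE_JWT = ".".join([
    b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode()),
    b64url(json.dumps({"sub": "demo-user"}).encode()),
    b64url(b"constructed-signature"),
])

# Constructed access-log lines; the paths and parameter names are assumptions.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/May/2018:23:01:00 +0000] "GET /report?token=%s HTTP/1.1" 200 512' % SAMPLE_JWT,
    '203.0.113.7 - - [05/May/2018:23:01:05 +0000] "GET /index.html?page=2 HTTP/1.1" 200 1024',
    '203.0.113.9 - - [05/May/2018:23:02:10 +0000] "GET /file?name=eyJunk.tar.gz HTTP/1.1" 200 77',
]

# Three dot-separated base64url segments; a header beginning {" encodes to "eyJ".
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")

def is_jwt(candidate):
    """True if the first segment decodes to a JSON object carrying "alg"."""
    header = candidate.split(".")[0]
    try:
        obj = json.loads(base64.urlsafe_b64decode(header + "=" * (-len(header) % 4)))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False
    return isinstance(obj, dict) and "alg" in obj

def redact(line):
    """Return (line with JWTs masked, number of JWTs found)."""
    found = []
    def mask(match):
        if not is_jwt(match.group(0)):
            return match.group(0)  # looks similar but is not a token; keep it
        found.append(match.group(0))
        return "[REDACTED-JWT]"
    return JWT_RE.sub(mask, line), len(found)

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        clean, hits = redact(entry)
        print(hits, clean)
```

Decoding the header before masking keeps values that merely resemble a token, such as the file name in the third line, intact in the log.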