0

I am using jsonwebtoken.js

This is my token:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1bmlxdWVJRCI6IkgtOWYyN2EzLTE1NDgyMiIsImlhdCI6MTU1NDI5NDI2OCwiZXhwIjoxNTU0NDY3MDY4fQ.76Rf3EM9IHJFia6w0dEFCscqPMBJmiZXRaeQzPNlhhM

I have made it by entering privateKey in it, but when I copy and paste this token and enter it on the website https://jwt.io/, the data remains visible easily.

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload:

{
  "uniqueID": "H-394ec8-204533",
  "iat": 1554294378,
  "exp": 1554467178
}

My Code:

jwt.sign(token_order, keys.jwt.secretOrPrivateKey, { expiresIn: keys.jwt.expiresIn });

Key:

jwt:{
    secretOrPrivateKey:"AAAABB3L-X59kbcuqwzxc--23kv,df594.41239zsc92231",
    expiresIn:'2d' 
},

Did I make a mistake? Why can the data be seen?

dev Faris

1 Answer

2

No, you didn't make any mistake.

It is important to understand that the purpose of using JWT is NOT to hide or obscure data in any way. The reason why JWTs are used is to prove that the sent data was actually created by an authentic source.

For more, you can see this post.

Niraj Kaushal
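Added example, not part of the question or the answer above: it shows why jwt.io can read the payload without the key (the segment is only base64url-encoded) and what the HS256 signature does protect (an edited payload fails verification). It uses Node's built-in `crypto` instead of jsonwebtoken so the steps are visible; the secret, the claims and the helper names (`signHS256`, `decodePayload`, `verifyHS256`, `withPayload`) are constructed for illustration.

```javascript
// Added example: Node built-ins only; the secret and claims are constructed.
const crypto = require("crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");

// A compact HS256 JWT is base64url(header).base64url(payload).base64url(HMAC).
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const input = `${head}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.createHmac("sha256", secret).update(input).digest("base64url");
  return `${input}.${sig}`;
}

// What jwt.io does: decode the payload segment. No key is involved.
function decodePayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// What the server does: recompute the HMAC with the secret, compare in constant time.
function verifyHS256(token, secret) {
  const parts = token.split(".");
  if (parts.length !== 3) return false;
  const [head, body, sig] = parts;
  let alg;
  try { alg = JSON.parse(Buffer.from(head, "base64url").toString("utf8")).alg; }
  catch { return false; }
  if (alg !== "HS256") return false; // pin the expected algorithm
  const expected = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, "base64url");
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Replace the payload but keep the old signature, as anyone without the key could.
function withPayload(token, payload) {
  const [head, , sig] = token.split(".");
  return `${head}.${b64url(JSON.stringify(payload))}.${sig}`;
}

const SECRET = "constructed-demo-secret"; // constructed, not the key from the question
const token = signHS256({ uniqueID: "H-000000-000000", iat: 1554294378 }, SECRET);
const edited = withPayload(token, { uniqueID: "H-111111-111111", iat: 1554294378 });

console.log(decodePayload(token));         // claims are readable without SECRET
console.log(verifyHS256(token, SECRET));   // true
console.log(verifyHS256(edited, SECRET));  // false
```

With jsonwebtoken itself, `jwt.verify(token, secret, { algorithms: ["HS256"] })` performs this signature check and also rejects expired tokens, which the hand-written verifier here does not do.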