Encrypt JWT tokens
Opened this issue · 0 comments
BrunoRosendo commented
Currently, JWT tokens are just encoded and not encrypted. This isn't a major flaw but could be problematic since we store the password hash in the token when we recover passwords.