What if someone knows the Secret Key (signature) of your JSON Web Token?
If someone knows the secret key and alters, let's say for example, the username of the JSON token or the expiry time, would they be able to access secured data on the server?
You need 5 different parameters to access the token -
grant_type, username, password, client_id, client_secret
So, knowing the secret key and username does not get the token; knowing the password does. Precisely, it means someone gets the token if he/she knows the parameters, else not!
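An added example (not part of the original post) of the check the question asks about, assuming an HS256-signed token and Python's standard library; the key, claim values and helper names are constructed for illustration. It shows that a verifier accepts whatever carries a valid signature and an unexpired `exp`: a payload edited without the key is rejected, a token signed with the key is accepted whatever its claims, and rotating the key invalidates it.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())

def sign(claims: dict, key: bytes) -> str:
    """Issue an HS256 token: the signature is HMAC-SHA256 over header.payload."""
    signing_input = encode_part({"alg": "HS256", "typ": "JWT"}) + "." + encode_part(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify(token: str, key: bytes, now: int):
    """Return the claims if signature and expiry are valid, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None  # pin the algorithm, never trust the header's choice
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(body))
        exp = claims.get("exp")
    except (ValueError, TypeError, AttributeError):
        return None
    return claims if isinstance(exp, int) and exp > now else None

def edit_payload(token: str, changes: dict) -> str:
    """Change claims but keep the old signature (all that is possible without the key)."""
    head, body, sig = token.split(".")
    claims = {**json.loads(b64url_decode(body)), **changes}
    return ".".join([head, encode_part(claims), sig])

# Constructed sample values, not taken from the page.
KEY, ROTATED_KEY, NOW = b"constructed-demo-key", b"constructed-new-key", 1_700_000_000
issued = sign({"username": "alice", "exp": NOW + 300}, KEY)
edited = edit_payload(issued, {"username": "admin", "exp": NOW + 10**6})
resigned = sign({"username": "admin", "exp": NOW + 10**6}, KEY)

if __name__ == "__main__":
    print("issued token     :", verify(issued, KEY, NOW))
    print("edited, no key   :", verify(edited, KEY, NOW))
    print("re-signed w/ key :", verify(resigned, KEY, NOW))
    print("after rotation   :", verify(resigned, ROTATED_KEY, NOW))
```

For the verifier, the signing key is the only thing that separates an issued token from any other, so a leaked key calls for rotation, which invalidates every token signed with it.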