Noob question about JWT i know jwt consist of header payload signature are you suppose to send the entire jwt to the client?

header.payload.signatureaaaaaaaaaa.bbbbbbbbbbb.ccccccccccccthe header doesn't seam to change anyway is it better to hide it on the server?​additional questionis a complex secret key and a short expiry enough to protect?

Submitted August 26, 2020 at 04:24AM by KommSur