JWT Verify client-side?
TL;DR You must verify the signature of JWS in the server always. Client-side signature verification doesn’t gives much, unless you have a specific case where it makes sense don’t do it. You don’t need to verify the signature of a JWS token to check expiration in the client. (unless you were encrypting the claims, aka … Read more