if your frontend is interrogating the jwt you're doing it wrong | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mosdave on May 26, 2022 \| parent \| context \| favorite \| on: Learnings from 5 years of tech startup code audits if your frontend is interrogating the jwt you're doing it wrong

nijave on May 27, 2022 [–]

Isn't it pretty common to read the expiration so you know when to refresh tokens?

bornfreddy on May 27, 2022 | [–]

It is, among other things like username or user e-mail address.

This is also, together with backend scalability, a major selling point for JWTs. Otherwise one might just as well use regular session ids in cookies.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact