Auth0 Home Blog Docs

Can decode the jwt token from the website


I’m using jwt in a web project and i create my token from a unique key. But when I copy the token and paste it in the site it show all of my payload in the payload section. But it also shows that the “Invalid Signature” sign. But my concern is that if someone bypass and get the token from a request header, this person is able to see the data inside the token.

Please help