What can I do to test the validity of a JWT on the client side? I realise that I can NOT test against the secret key.
Tests I can think of:
- three sections
- header and the body need to represent JSON objects
Are there any rules on length/structure of signature? Anything I’m missing?
Beyond being able to access the fields of the body, do any other tests make sense? At the end of the day an invalid JWT will be rejected by the server when it is used.
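
The structural checks listed in the question, together with a signature-length check for the fixed-size HMAC and ECDSA algorithms of RFC 7518, as an added example that is not part of the original post. The names `checkJwtShape`, `SIG_BYTES` and `SAMPLE` are assumptions made for illustration, and the sample token is constructed.

```javascript
// Raw signature sizes in bytes for fixed-length algorithms (RFC 7518).
// RSA algorithms are omitted: their signature length depends on the key size.
const SIG_BYTES = new Map(Object.entries(
  { HS256: 32, HS384: 48, HS512: 64, ES256: 64, ES384: 96, ES512: 132 }));

function b64urlToBytes(seg) {
  // Compact JWTs use unpadded base64url: only A-Z a-z 0-9 - _ and never length 4n+1.
  if (!/^[A-Za-z0-9_-]+$/.test(seg) || seg.length % 4 === 1) {
    throw new Error("not base64url");
  }
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
}

function parseJsonObject(seg) {
  const text = new TextDecoder("utf-8", { fatal: true }).decode(b64urlToBytes(seg));
  const value = JSON.parse(text);
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    throw new Error("not a JSON object");
  }
  return value;
}

// Structural check only: it does NOT verify the signature, so a token that
// passes is well-formed but still untrusted until the server accepts it.
function checkJwtShape(token) {
  try {
    if (typeof token !== "string") throw new Error("not a string");
    const parts = token.split(".");
    if (parts.length !== 3) throw new Error("expected three sections");
    const header = parseJsonObject(parts[0]);
    const payload = parseJsonObject(parts[1]);
    if (typeof header.alg !== "string") throw new Error("header has no alg");
    const sig = b64urlToBytes(parts[2]); // an empty signature is rejected here
    const want = SIG_BYTES.get(header.alg);
    if (want !== undefined && sig.length !== want) throw new Error("signature length does not match alg");
    return { ok: true, reason: null, header, payload };
  } catch (e) {
    return { ok: false, reason: e.message, header: null, payload: null };
  }
}

// Constructed sample token with a dummy all-zero 32-byte signature (not a real credential).
const enc = (s) => btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE = [enc('{"alg":"HS256","typ":"JWT"}'), enc('{"sub":"demo"}'), enc("\0".repeat(32))].join(".");
console.log(checkJwtShape(SAMPLE).ok, checkJwtShape(SAMPLE.slice(0, -4)).reason);
```

A token that passes is only well-formed; whether it is authentic is still decided by the server that holds the key.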