Share your craft projects
Make new craft buddies
Ask craft questions
Blog your craft journey
More from Kai Nakamura
JWT issuance and verification without common footguns
JWTs are easy to misuse because libraries make them look simpler than they are. I pin the algorithm, validate issuer and audience, keep expirations short, and rotate signing keys deliberately. I also avoid putting sensitive business data into tokens just because it is convenient.