RFC 8725 — JSON Web Token Best Current Practices by node

A number of recurring JWT mistakes have led to real vulnerabilities. This document catalogues those pitfalls and gives the actionable practices that avoid them, supplementing the JWT specification with the rules that make JWTs safe to deploy.