Closed Perlover closed 4 years ago
This issue has been imported as a question since it does not respect the example-auth0 issue template. Only bug reports and feature requests stay open to reduce maintainers' workload. If your issue is not a question, please mention the repo admin or moderator to change its type and it will be re-opened automatically. Your question is available at https://cmty.app/nuxt/example-auth0/issues/c44.
Do I understand correctly that you do not check the JWT tokens for the validity of the signature? Judging by the source code, the username is simply retrieved from the token, and whether it was signed by Auth0 or not, there is no verification. If this is the case, a note about this is needed in the README of this example. Otherwise, many programmers will create working sites on the basis of this example, in which the authorization zone will be "hacked" with any Base64-encoded JWT issued by any script.