One item that has been nagging me, as we continue developing our framework and sample apps, is that the Java Web Token (JWT) is n the header of the request like this.
GET http://localhost:8080/someprotectedendpoint
Authorization: Bearer <jwt token>While this works absolutely fine, there are some drawbacks in terms of security.… Read more