I'm starting with the JWT, and I did a decryption test of my token on base64 and I actually decrypt it, except for the Signature part that I don't decipher it, my question is: is the JWT token normal to decrypt it? and if it's normal how I can prevent this.
I'am using algorithm HS256
thanksgiving
What you have is not an encrypted token (JWE => RFC7516) but a signed token (JWS => RFC7515).
The algorithm HS256 is a signature algorithm referenced in the RFC7518 section 3.2.
With signed tokens, the payload is not encrypted but only encoded using the Base 64 Url Safe data encoding (see RFC4648).
