I can’t understand the reasoning for making the claims/payload of a JWT publicly visible after base64 decoding it.
Why?
It seems like it’d be much more useful to have it encrypted with the secret.
Can someone explain why, or in what situation, keeping this data public is useful?