Application remember t

Rubina9898
Posts: 1
Joined: Thu Dec 21, 2023 4:57 am


Post by Rubina9898 »

Also remember that the secret used should be difficult enough to find ethod sign. Much more can be configured in options including values for Registered Claim Names. For a full list of options please refer to the documentation.

Token verification

Token verification is just as easy. Importantly token verification will fail for unsigned tokens even if explicitly Registered Claim Names. If the token has expired or was transferred before the defined date nbf an appropriate error will be thrown. In addition to verifying the JWT the method returns its content.

If you only need to read the content of the token you can use the method decode.

    import jwt from 'jsonwebtoken'

    const token = jwt.sign({ data: 'foobar' }, process.env.JWT_SECRET)
    // decode only reads the payload; it does not check the signature
    console.log(jwt.decode(token))

If you want to accept unsigned tokens you can use the method decode. This reduces the risk of introducing security errors related to lack of signature verification.

Practical advice

Finally based on what was presented in the article I leave a handful of tips that will help you work more safely with JWT:

JWT does not define token lifetime by default.


If the token lifetime is important in youro define it

JWT does not provide mechanisms for invalidating generated tokens. If you need to withdraw the token you created this will need to be handled from within the application. For this purpose you can use the blacklist mechanism containing a list of revoked tokens or the whitelist mechanism containing a list of allowed tokens. In some cases an alternative may be to generate tokens with a short lifetime.

In the context of the above information consider whether JWT is the right solution for you. For example in the case of authentication mechanisms you may prefer the classic user session mechanism.
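The difference between reading a token and verifying it, as an added example that is not part of the original post and is not the jsonwebtoken library's code. It uses only Node's built-in crypto module for HS256; the function names, the secret and the sample tokens are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const parse = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Build an HS256 token (used here only to create the constructed samples).
function signHS256(payload, secret) {
  const input = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.createHmac('sha256', secret).update(input).digest('base64url');
  return `${input}.${sig}`;
}

// decode-style read: returns the payload without checking anything.
function decodeOnly(token) {
  return parse(token.split('.')[1]);
}

// verify-style read: algorithm pinned, signature checked, then exp / nbf.
function verifyHS256(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  if (parse(h).alg !== 'HS256') throw new Error('unexpected algorithm');
  const expected = crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest();
  const given = Buffer.from(s, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('invalid signature');
  }
  const claims = parse(p);
  if (typeof claims.exp === 'number' && now >= claims.exp) throw new Error('token expired');
  if (typeof claims.nbf === 'number' && now < claims.nbf) throw new Error('token not active yet');
  return claims;
}

// Constructed sample data: one valid token, one unsigned, one with a swapped payload.
const SECRET = 'constructed-demo-secret';
const NOW = 1700000000;
const good = signHS256({ data: 'foobar', nbf: NOW - 10, exp: NOW + 60 }, SECRET);
const unsigned = `${b64url(JSON.stringify({ alg: 'none' }))}.${b64url(JSON.stringify({ data: 'forged' }))}.`;
const [gh, , gs] = good.split('.');
const tampered = `${gh}.${b64url(JSON.stringify({ data: 'admin' }))}.${gs}`;

// Returns the verified data claim, or the rejection reason.
function outcome(token, now) {
  try { return verifyHS256(token, SECRET, now).data; } catch (e) { return e.message; }
}
```

The unsigned token is readable through `decodeOnly` but rejected by `verifyHS256`, so authorization decisions should only ever use claims returned by the verifying path.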