@rapropos - doesn’t JWT require a secret on both sides as well? Otherwise how does the client verify the payload? How do we store that secret in ionic?
No.
There are a myriad of ways to do it depending on your application requirements, and in many cases the client doesn’t have to verify the payload; it just has to spit the JWT back to the server when asked. If it does need to verify the payload, only the public key used to sign the JWT is needed, which can be safely publicized.
Best solution is provided here