We used this link to configure our WebApi to validate our tokens: Auth0 ASP.NET Web API (OWIN) SDK Quickstarts: Authorization
But we noticed something: if we remove part of the signature in the JWT token, the token is not rejected.