JWT only signs the token itself not the body of the request, so message integrity is still an issue without TLS/HTTPS
JWT only signs the token itself not the body of the request, so message integrity is still an issue without TLS/HTTPS