Yep - that's for a future video.

It couldn't be decrypted, because the secret to decode it is kept on the server. Even if it could be decrypted, there's no sensitive information in there. The risk of having the JWT stolen is that it could be used to gain access to a secure server. Moreover, Session and Local storage are only available to the user of the machine, so are safe for a personal, password protected machine. On a public machine, however, they shouldn't be stored in Local storage, and the user should remember to close the browser to clear session storage. Storage in memory is safest, but least convenient.

Yes, it would be quite different for Server. I'll try to get round to doing a video on that.

@@CodingTutorialsAreGo thanks for the reply. I've just re-watched the Part 1 and Part 2 videos regarding securing the API itself. Very informative the way you added it to an existing project. If creating a new API and using one of the templates with Identity authentication/authorisation would that result in the same JWT token based system or is your approach different/enhanced/minimal compared to what MS gives you out of the box so to speak?

@@AthelstanEngland If you go for Microsoft Identity Platform for the authentication, then it uses JWTs, but they are issued by Microsoft, not by you application itself as I've done here.

@@CodingTutorialsAreGo hi and thanks for the confirmation. Yep, just this morning I decided to create a project using Identity Platform to see what happened and yep it wanted Azure login and all sorts. I deleted and went back to you videos!

Absolutely. This is Blazor WASM only.

This one is 7.

So many people asking for this. It's on the list

Also Maui Blazor Authentication with JSON Web Tokens

@@cissemy I'm not sure there's anything significantly different in MAUI Blazor than here.

@@CodingTutorialsAreGo Yes please for refresh token.