I'm developing an API and a question about user authentication has come up.
I currently use JSON Web Token (JWT) to perform authentication. In summary, when the user logs in to the tool, they receive a token generated by JWT, and this token is passed by header to all endpoints that need authentication.
My question is: can I trust this type of authentication? What are the possible security issues I may face?
In addition, I'm passing the token via header by POST; is this the best method?
Thank you!