Many issues with JWT are actually issues with the Node.js library for working with JWTs, and partially with the language: tricking the server into using the public key as the secret to validate a JWT, or tricking the server into using "none".
JWT itself is also poor for having things like "none" at all, which means that in every valid place to use JWT, you should really be using PASETO.
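Both tricks named above ("none" and the public key used as an HMAC secret) depend on the verifier letting the token's own header choose the algorithm. The following is an added example, not code from the comment or from any JWT library: a header-trusting verifier beside one that pins RS256, written with Node's built-in `crypto` only. All function names, the throwaway key pair and the claims are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Pattern the comment describes: the token's own header picks the algorithm.
function verifyTrustingHeader(token, key) {
  const [h, p, s] = token.split('.');
  const data = `${h}.${p}`;
  const { alg } = dec(h);
  if (alg === 'none') return dec(p); // unsigned token accepted
  if (alg === 'HS256') { // the RSA public key PEM ends up used as the HMAC secret
    const mac = crypto.createHmac('sha256', key).update(data).digest('base64url');
    if (mac === s) return dec(p);
  }
  if (alg === 'RS256' &&
      crypto.verify('RSA-SHA256', Buffer.from(data), key, Buffer.from(s, 'base64url'))) return dec(p);
  throw new Error('bad signature');
}

// Hardened form: algorithm and key type are fixed by the server, never by the token.
function verifyPinnedRS256(token, publicKeyPem) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  if (dec(h).alg !== 'RS256') throw new Error('algorithm not allowed');
  const key = crypto.createPublicKey(publicKeyPem);
  if (key.asymmetricKeyType !== 'rsa') throw new Error('wrong key type');
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), key, Buffer.from(s, 'base64url')))
    throw new Error('bad signature');
  return dec(p);
}

// Constructed sample tokens for a regression test (throwaway key pair, made-up claims).
function sampleTokens() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const body = enc({ sub: 'alice', admin: true });
  const rsData = `${enc({ alg: 'RS256', typ: 'JWT' })}.${body}`;
  const hsData = `${enc({ alg: 'HS256', typ: 'JWT' })}.${body}`;
  return {
    publicKey,
    valid: `${rsData}.${crypto.sign('RSA-SHA256', Buffer.from(rsData), privateKey).toString('base64url')}`,
    unsigned: `${enc({ alg: 'none' })}.${body}.`,
    confused: `${hsData}.${crypto.createHmac('sha256', publicKey).update(hsData).digest('base64url')}`,
  };
}
```

Running both verifiers over `sampleTokens()` makes a compact regression test: the pinned verifier must accept only `valid`, while the header-trusting one accepts all three.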