Topic: JWT a token with the symmetric algorithm.
Explain please which that. I do not catch up a little.
Whether there is a sense to use JWT a token signed by the symmetric algorithm? For what it generally is necessary?
That the client could check up the token received from the server, it is necessary for it to give a key of the symmetric enciphering, and what then prevents malefactors to forge a token, knowing this key? And if not to give a key then the client cannot check up it it turns out.
In what sense of existence of the symmetric algorithm, if at it such problem? I can assume only that a unique output is not to give to the client secret key, giving the chance to check a key validity. But it probably is not so convenient and beautiful.
And other question. Having on hands the total text, knowing the encryption algorithm - unless it is impossible to calculate symmetric key by which it is signed JWT a token?
If to use the asymmetric algorithm. That as it is necessary to transfer to the client public key?