A JWT is created with a secret key. That key is private to you: never reveal it to the public or embed it inside the JWT itself. When you receive a JWT from the client, you can verify it with the secret key stored on the server.
How do I verify a JWT?
To validate a JWT, your application needs to check that the JWT is well formed, check the signature, and check the standard claims.
Does Flask use JWT?
This tutorial takes a test-first approach to implementing token-based authentication in a Flask app using JSON Web Tokens (JWTs).