From 9cf3f62c8f4d49f701bc35223cb3fbe969c7cc93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebasti=C3=A1n=20Ram=C3=ADrez?= Date: Sun, 24 May 2026 12:27:17 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=93=9D=20Apply=20suggestion=20from=20@Yur?= =?UTF-8?q?iiMotov?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Yurii Motov <109919500+YuriiMotov@users.noreply.github.com> --- docs/en/docs/tutorial/security/oauth2-jwt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/docs/tutorial/security/oauth2-jwt.md b/docs/en/docs/tutorial/security/oauth2-jwt.md index e389b9d5d5..658cac2f05 100644 --- a/docs/en/docs/tutorial/security/oauth2-jwt.md +++ b/docs/en/docs/tutorial/security/oauth2-jwt.md @@ -18,7 +18,7 @@ eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4 It is not encrypted, so, anyone could recover the information from the contents. -But it's signed. So, when you receive a token that you originally issued, you can verify that it actually came from you and has not been tampered with in-transit. +But it's signed. So, when you receive a token that you issued, you can verify that it was you who issued it. That way, you can create a token with an expiration of, let's say, 1 week. And then when the user comes back the next day with the token, you know that user is still logged in to your system.