JWT Verify client-side?

误落风尘 2021-01-31 19:45

I have a nodejs api with an angular frontend. The API is successfully using JWT with passport to secure its endpoints.

I am now conscious that after the tokens have e

4 answers
  •  囚心锁ツ
    2021-01-31 20:03

    Q1: Token verification on the client is a bad idea. What you can do is save the token together with the same expiry date on the client and then refresh/remove the token. But my thought is that it is better to have some date checking on the server side, because there is a simple rule: don't trust the client, because it can always send malicious code.

    Q2: JWT doesn't need any public key. It must always have a private key stored on the server side, because if someone knows your secret key your token doesn't make any sense. You can only add some payload to make it more complex.
