Which are vulnerabilities in JWT authentication?


Which are vulnerabilities in JWT authentication?

What mistakes a programmer can make using JWT?

I use this npm package

I think the big vulnerability is in refresh token and algorithm of encryption, right?