The object is passed strictly to jose.JWT.sign(…). Make sure that sensitive information is not exposed through JWT token payload.

Likelihood: LOW
Confidence: LOW
CWE:
- CWE-522: Insufficiently Protected Credentials
OWASP:
- A02:2017 - Broken Authentication
- A04:2021 - Insecure Design
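
The message above, as an added example (not part of the original rule text and not the jose library's code): a signed JWT payload is only base64url-encoded, so every field of the object handed to the signing call can be read without the key. `signHS256`, `toClaims`, `ALLOWED_CLAIMS` and the sample user record are assumptions constructed for illustration; the signer is a minimal HS256 stand-in built on Node's `crypto`, not `jose.JWT.sign`.

```javascript
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Minimal HS256 compact JWS, standing in for the library's signing call.
function signHS256(payload, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const input = `${header}.${b64url(JSON.stringify(payload))}`;
  const sig = crypto.createHmac('sha256', secret).update(input).digest('base64url');
  return `${input}.${sig}`;
}

// What any holder of the token can do: read the claims with no key at all.
function readClaimsWithoutKey(token) {
  const payloadSegment = token.split('.')[1];
  return JSON.parse(Buffer.from(payloadSegment, 'base64url').toString('utf8'));
}

// Hypothetical allowlist: only these fields of a user record may become claims.
const ALLOWED_CLAIMS = ['sub', 'role'];

function toClaims(user) {
  const claims = {};
  for (const name of ALLOWED_CLAIMS) {
    if (Object.prototype.hasOwnProperty.call(user, name)) claims[name] = user[name];
  }
  return claims;
}

// Fields present in the token that were never meant to leave the server.
function leakedFields(token) {
  return Object.keys(readClaimsWithoutKey(token)).filter((k) => !ALLOWED_CLAIMS.includes(k));
}

// Constructed sample record, shaped like a row returned from a user table.
const user = {
  sub: 'u-1001',
  role: 'editor',
  email: 'alice@example.test',
  passwordHash: '$2b$12$constructed-sample-hash',
};
const secret = 'constructed-demo-secret';

const leakyToken = signHS256(user, secret);             // whole object signed as-is
const minimalToken = signHS256(toClaims(user), secret); // allowlisted claims only

console.log('whole object  ->', leakedFields(leakyToken));
console.log('allowlisted   ->', leakedFields(minimalToken));
```

Running `leakedFields` over issued tokens in a test suite catches a new sensitive column being added to the record and silently flowing into the payload.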