JWT Secret

You should have a good JWT secret to protect against token tempering as well as avoiding brute force attacks.

A strong secret key should be randomly generated, long, and complex, and should be stored securely and rotated periodically.