Issue with JWT – user A able to access user B’s data with user A’s JWT
In a website using JWT-based authentication, let's say we have multiple users in the database, such as A and B.
The API call fetch/user/ should return the user’s data from the database based upon the param.
Also, as this API is called after authentication, the user sends the JWT as the Auth header.
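
The scenario in the question, as an added example that is not part of the original post: a handler that only checks that the JWT is valid, beside one that also requires the requested id to match the token's `sub` claim. The key, the user records, the function names and the choice of `sub` as the user identifier are assumptions made for illustration; expiry checks are left out.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed sample key, not a real secret
USERS = {"A": {"email": "a@example.test"}, "B": {"email": "b@example.test"}}  # constructed

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user_id):
    """Mint an HS256 JWT whose `sub` claim names the authenticated user."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user_id}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify_token(token):
    """Return the claims if the token is well formed and correctly signed, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        want = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _unb64(sig)):
            return None
        return json.loads(_unb64(body))
    except (ValueError, TypeError, AttributeError):
        return None

def fetch_user_vulnerable(token, user_id):
    """Authenticates only: any valid token can read any user's record."""
    if verify_token(token) is None:
        return 401, None
    return 200, USERS.get(user_id)

def fetch_user_fixed(token, user_id):
    """Authorizes as well: the requested id must equal the token's `sub`."""
    claims = verify_token(token)
    if claims is None:
        return 401, None
    if claims.get("sub") != user_id:
        return 403, None
    return 200, USERS.get(user_id)
```

A stricter design drops the id parameter altogether and always looks up the record named by the verified `sub` claim.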