Is it secure to send JWT tokens in url query parameters if we use nonce to make it a one time token?
Websockets don’t support sending auth tokens during websocket handshake as part of HTTP headers, rather only via query parameters. This has a security risk of leaking these tokens in server logs. However, if we create these JWT tokens with…