I have two servers and frontend client:
- one server authorize and authenticate user, after that issue jwt token to client.
- Frontend client also visits second backend server using jwt token as Authorization Header.
- JWT secret is the same on the both servers(encrypted by SH256).
- Do you see some security drawbacks in existing flow?