Why validate JWT tokens?


I’ll concede to you that learning is fun, and I would totally understand a developer who would write JWT validation code just for the sake of it.

However, in my opinion, said code should NOT make it to production unless it increases security (which doesn’t seem to be the case here).

  • Increasing app size and CPU/RAM usage should always be weighed against the benefit it provides.
  • If there is a bug in the JWT validation code that makes it return “valid” on invalid tokens, the author will never know it (and therefore never learn from the mistake they made).
  • If there is a bug in this code that makes it return “invalid” on valid tokens, the app will break in production (which already happened).

So unless someone explains to me why it’s useful to validate tokens in production, I won’t do it.
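The two failure modes listed above (a validator that accepts bad tokens, and one that rejects good ones) are both catchable before deployment if the validator ships with its own self-checks. The following is an added example, not code from the original poster or the thread: a minimal HS256 JWT verifier on the Python standard library, plus a `run_self_checks()` routine that exercises exactly those two failure modes. The key, claims and clock values are constructed for the demo; `verify_token`, `make_token` and `run_self_checks` are hypothetical names.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def _b64url_encode(data: bytes) -> str:
    # JWT uses base64url without padding (RFC 7515, appendix C).
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # Restore the padding the encoder stripped before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(payload: dict, key: bytes) -> str:
    """Mint an HS256 token; used here only to build test fixtures."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_token(token: str, key: bytes, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the token is valid, otherwise None.

    Every check is fail-closed: malformed input, an algorithm other than the
    one we expect, a signature mismatch, or a missing/past 'exp' all reject.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    try:
        header = json.loads(_b64url_decode(h))
        payload = json.loads(_b64url_decode(p))
        sig = _b64url_decode(s)
    except ValueError:  # covers binascii.Error, JSON errors and bad UTF-8
        return None
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return None
    # Pin the algorithm: never let the token tell us how to verify it.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, (h + "." + p).encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison; also False when lengths differ.
    if not hmac.compare_digest(sig, expected):
        return None
    now = int(time.time()) if now is None else now
    exp = payload.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return None
    return payload


def run_self_checks() -> list:
    """Exercise both failure modes named in the post; returns a list of failures."""
    key = b"constructed-demo-key-not-for-real-use"  # constructed value
    good = {"sub": "alice", "exp": 2_000_000_000}   # constructed claims
    clock = 1_700_000_000                           # constructed "now"
    failures = []

    token = make_token(good, key)
    # Failure mode 2: a valid token must not be rejected.
    if verify_token(token, key, now=clock) != good:
        failures.append("valid token rejected")

    # Failure mode 1: invalid tokens must not be accepted.
    h, _, s = token.split(".")
    forged_payload = _b64url_encode(json.dumps({"sub": "mallory", "exp": 2_000_000_000}).encode())
    if verify_token(h + "." + forged_payload + "." + s, key, now=clock) is not None:
        failures.append("tampered payload accepted")
    if verify_token(token, b"wrong-key", key is None or now_clock(clock)) is not None:
        failures.append("wrong key accepted")
    if verify_token(token, key, now=2_000_000_001) is not None:
        failures.append("expired token accepted")
    none_header = _b64url_encode(json.dumps({"alg": "none"}).encode())
    if verify_token(none_header + "." + forged_payload + ".", key, now=clock) is not None:
        failures.append("unsigned token accepted")
    return failures


def now_clock(value: int) -> int:
    # Tiny helper so the wrong-key check reads like the others.
    return value


if __name__ == "__main__":
    print("self-check failures:", run_self_checks())
```

Running the module prints an empty failure list; any entry in that list is a validator bug that would otherwise surface only in production, or never at all.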