Spent sometime today digging into the #jwt, #bearer and #oauth2, realizing why it's important to fully rampup #HTTPS. #jwt is passing authentication token in plaintext hence a strong e2e security of the connection is critical in its security assumption