server/AyaNova/Controllers/AuthController.cs

@@ -130,6 +130,10 @@ namespace AyaNova.Api.Controllers
                     //issue tokens as well, but it looked cmplex and this works so unless need to remove in future keeping it.
                     string token = Jose.JWT.Encode(payload, secretKey, Jose.JwsAlgorithm.HS256);
 
+                    //TODO: Before release double check that security of JWT is still ok:
+                    //https://assets.pentesterlab.com/jwt_security_cheatsheet/jwt_security_cheatsheet.pdf
+                    //https://github.com/ticarpi/jwt_tool
+
 
                     log.LogDebug($"User number \"{u.Id}\" logged in from \"{Util.StringUtil.MaskIPAddress(HttpContext.Connection.RemoteIpAddress.ToString())}\" ok");
                     metrics.Measure.Meter.Mark(MetricsRegistry.SuccessfulLoginMeter);