I have a webapp that has some metabase reports embeded. I am performing all the token creation client side. My SECRET key is being stored in an aws key keeper tool and retrieved when needed. My app is not open to the public, but requires a login and only approved personel have access.
Are there any security risks performing all the encoding client side?