Client side token creating security?

Hello there

I have a webapp that has some metabase reports embeded. I am performing all the token creation client side. My SECRET key is being stored in an aws key keeper tool and retrieved when needed. My app is not open to the public, but requires a login and only approved personel have access.

Are there any security risks performing all the encoding client side?

Thanks

Have a look at the links within this recent post AND sign into GitHub and upvote the very first post of any of them that relate to your concerns. The more upvotes the more likely an issue will be addressed in an upcoming release.