If jwt’s secret key is leaked, it will be gg. The secret key is set by the developer. In case he leaves office and starts messing around, it will be finished.
1. Dynamic generation
2. Set the validity period, such as once every 3 days
3. Manually modify the configuration