Each public endpoint has the secret and can decode the JWT by itself
A single internal service is dedicated to decoding the JWT, which would serve multiple public endpoints whenever they need
Implementation
Pros
Cons
Distributed secret
Reduced complexity and latency
Secret is more exposed, repeated functionality across different services reduces maintainability¹
Dedicated JWT decoder
Reduces attack surface, more maintainable
May increase services coupling, increased latency
¹ Some architectures have resources to mitigate that. The JWT decoding could be implemented as a Layer, if you're using AWS Lambda, for example.
Side comment: I would be very interested in reading more about the implementation you and your team are using! Do you have any plans to write about it? I see pros and cons about proxying requests from a single endpoint.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
In that case, I can see two options:
¹ Some architectures have resources to mitigate that. The JWT decoding could be implemented as a Layer, if you're using AWS Lambda, for example.