I have a '/login' request which basically validates the USERNAME and PASSWORD and, on success, returns a token (JWT).
Now the question is: my API is also returning the USERNAME and PASSWORD in the response along with the token. Is this the right way, or should I remove USERNAME and PASSWORD from the response?
Request JSON:

    {
        "USERNAME": "admin",
        "PASSWORD": "123456"
    }

Response:

    {
        "token": "eyJhbGciOiJIUzUxMiJ9.eyJleHAiOjE1NTk1NTM4NjcsInVzZXJMb2dpbklkIjoiYWRtaW4ifQ.fxaENKTXxPG5wl8hp7_cSORfMzI38ODu_HgNRj3c7UZwohiFNFfZVpou8MYU4kkxEXV87-LP3upctjGCpGV6_Q",
        "PASSWORD": "123456",
        "USERNAME": "admin"
    }
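
An added example, not part of the original post: a small Python check that audits a /login response for credential material echoed back to the client and for fields that only repeat what the token payload already carries. The function names, the deny-list of field names and the placeholder-signed token are assumptions made for illustration; the `userLoginId` claim mirrors the payload of the token shown in the post.

```python
import base64
import json

SENSITIVE_KEYS = {"password", "passwd", "pwd", "secret"}  # assumed deny-list


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWT for inspection only (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_login_response(request: dict, response: dict) -> list:
    """Return findings for credential material echoed back by /login."""
    findings = []
    secrets = {str(v) for k, v in request.items() if k.lower() in SENSITIVE_KEYS}
    for key, value in response.items():
        if key.lower() in SENSITIVE_KEYS:
            findings.append(f"response field {key!r} carries a credential")
        elif str(value) in secrets:
            findings.append(f"response field {key!r} repeats the submitted password")
    # Fields that duplicate a token claim add exposure without adding information.
    claims = jwt_claims(response["token"])
    for key, value in response.items():
        if key != "token" and value in claims.values():
            findings.append(f"response field {key!r} duplicates a token claim")
    return findings


# Constructed sample data shaped like the post's request and response.
REQUEST = {"USERNAME": "admin", "PASSWORD": "123456"}
TOKEN = ".".join([
    b64url(b'{"alg":"HS512"}'),
    b64url(b'{"exp":1559553867,"userLoginId":"admin"}'),
    b64url(b"placeholder-signature"),  # not a real HMAC
])
AS_POSTED = {"token": TOKEN, "PASSWORD": "123456", "USERNAME": "admin"}
TOKEN_ONLY = {"token": TOKEN}

if __name__ == "__main__":
    for name, body in (("as posted", AS_POSTED), ("token only", TOKEN_ONLY)):
        print(name, audit_login_response(REQUEST, body))
```

A check like this fits in an API integration test, so a response that starts echoing the password fails the build instead of reaching logs, proxies and browser caches.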