This is related to this security question regarding what it is that secures credentials inside a single page webapp.
Suppose we are using an app that is not ours and uses JWT Tokens for security. Are we able to log the contents through browser developer tooling or otherwise of the variables that the app uses for state. Specifically could someone log or see the contents of the JWT token that the user obtained post authentication?