Bookmarks tagged with #jwt.
Hardcoded secrets, unverified tokens, and other common JWT mistakes
JWT (JSON Web Token) is an open standard (RFC 7519) that defines a way to provide information within a JSON object between two parties. This standard is intended to help transmit information securely, but no standard or technology will protect you when used improperly.
Tags: #jwt
Saved on: 2020-06-28
Things to Use Instead of JWT | Kevin Burke
You might have heard that you shouldn't be using JWT. That advice is correct - you really shouldn't use it. In general, specifications that allow the attacker to choose the algorithm for negotiation have more problems than ones that don't (see TLS).
Saved on: 2017-05-08