JWT Security Best Practice

In this 1 part online course we outline some best practices for using JWTs, so that you can maintain a high level of security in your applications. These practices are based on community standards written down in RFCs as well as our own experience from working with JWTs.

  • What was that JWT again?
  • JWTs used as Access Tokens
  • What algorithms to use
  • When to validate the token
  • Checking the issuer and audience
  • Dealing with expiration, issued time and clock skew
  • How to work with signatures
  • Pairwise Pseudonymous Identifiers (PPID)

Related resources

Next steps

Ready to modernize IAM?

Start Today - Build security and improve ease of use to stay ahead of the competition.