JWT Security Best Practice
In this 1 part online course we outline some best practices for using JWTs, so that you can maintain a high level of security in your applications. These practices are based on community standards written down in RFCs as well as our own experience from working with JWTs.
- What was that JWT again?
- JWTs used as Access Tokens
- What algorithms to use
- When to validate the token
- Checking the issuer and audience
- Dealing with expiration, issued time and clock skew
- How to work with signatures
- Pairwise Pseudonymous Identifiers (PPID)