JWT Security Best Practice

In this one-part online course, we outline some best practices for using JSON Web Tokens (JWTs), so that you can maintain a high level of security in your applications. These practices are based on community standards written down in RFCs as well as our own experience from working with JWTs.

  • What was that JWT again?
  • JWTs used as Access Tokens
  • What algorithms to use
  • When to validate the token
  • Checking the issuer and audience
  • Dealing with expiration, issued time and clock skew
  • How to work with signatures
  • Pairwise Pseudonymous Identifiers (PPID)
