JSON Web Tokens (JWT) Training Course

Introduction

  • Overview of JWT structure
  • JWT common use cases

JWT Validation

  • Symmetric token signature
  • Asymmetric token signature
  • Validating tokens
  • Validating claims

Stolen JWTs

  • Dealing with stolen JWTs
  • JWT storage
  • Invalidating JWTs

Managing a Cryptographic Key

  • Overview of secret keys
  • Embedding the public key
  • Embedding a URL containing the key

Hacking JWTs

  • Brute force approach
  • Modifying the algorithm RS256 to HS256
  • None algorithm approach

Summary and Next Steps