Introduction
- Overview of JWT structure
- JWT common use cases
JWT Validation
- Symmetric token signature
- Asymmetric token signature
- Validating tokens
- Validating claims
Stolen JWTs
- Dealing with stolen JWTs
- JWT storage
- Invalidating JWTs
Managing a Cryptographic Key
- Overview of secret keys
- Embedding the public key
- Embedding a URL containing the key
Hacking JWTs
- Brute force approach
- Modifying the algorithm from RS256 to HS256
- None algorithm approach
Summary and Next Steps