JWT best practices for max security
Рет қаралды 7,452
Күн бұрынSupport my work / pawelspychalski
Here are a few tips on how to make your JWT tokens more secure. JWT by itself is secure out of the box, but our authentication and authorization policy can benefit if you do the following:
How to revoke a JWT token: • How to revoke a JWT to...
0:00 Let's increase the JWT security level
0:21 Why JWT is safe?
0:46 Keep the issuer of the token private key safe
1:03 Do not put any secrets into the JWT token
1:45 Keep the lifetime of the access and refresh token short
2:51 Not-Before policy
3:22 Use scopes!
4:24 More about JWT tokens
#quadmeup #youtube
If you want to support me:
✅ Patreon / pawelspychalski
✅ Banggood affiliate bit.ly/2P8oAxr
✅ Paypal paypal.me/pawelspychalski
▶ Discord server quadmeup.com/discord
▶ My website quadmeup.com/
@PSAfterHours 2 жыл бұрын
How to revoke a JWT token: kzfaq.info/get/bejne/oOByZ7eX0rW-qas.html
@heshiebee Жыл бұрын
Great video, very informative
@matthewrichardson8162 Жыл бұрын
Great video!
@jorgeromero4680 Жыл бұрын
can you use jwt in inav?
@ShibraTai 3 ай бұрын
What if the token gets leaked....if a person has the token he/she would be able to hit the api
@imissthestacy4803 2 ай бұрын
It would indeed be stolen and used to access api but then expired, as a dev you'd better to protect from this theft rather then figuring out how to stop a stolen one, use http only cookies secure https connection
@syffs-sq6bw 7 ай бұрын
sorry but either you dont know what you're talking about, or you're omitting the truth? JWT used in an authorization context is a secret, even if it doesn't contain any secret info, as they're used to perform authenticated calls! There's much more to JWT security than what you mention, starting with where they're stored for instance, or how they're generated (fingerprint?) or combined with other security measures.
Israeli Tech Radar
Рет қаралды 36 М.
Dan Vega
Рет қаралды 119 М.