JSON web tokens (JWTs) are widely used in authentication processes to transfer information in a JSON format while ensuring data integrity. However, just using a JWT is not enough to ensure your information is handled in a secure way. Because JWTs are so simple to use, it's easy to accidentally change the configuration or misuse the data being sent—which can make the application vulnerable even while you're trying to make it secure.
In this talk you will learn
• What a JWT is and how to avoid common security mistakes when using it
• How to properly validate the tokens
• Which settings disable the JWT signature and should be avoided
• What information should not be sent when creating a JWT