JWT best practices for max security

  • Published 17 Jun 2024
  • Support my work / pawelspychalski
    Here are a few tips on how to make your JWT tokens more secure. A JWT whose signature is verified on every request is a sound building block out of the box, but your authentication and authorization policy benefits if you also do the following:
    How to revoke a JWT token: • How to revoke a JWT to...
    0:00 Let's increase the JWT security level
    0:21 Why is JWT safe?
    0:46 Keep the token issuer's private key safe
    1:03 Do not put any secrets into the JWT token
    1:45 Keep the lifetime of the access and refresh token short
    2:51 Not-before (nbf) policy
    3:22 Use scopes!
    4:24 More about JWT tokens
    #quadmeup #youtube
    If you want to support me:
    ✅ Patreon / pawelspychalski
    ✅ Banggood affiliate bit.ly/2P8oAxr
    ✅ Paypal paypal.me/pawelspychalski
    ▶ Discord server quadmeup.com/discord
    ▶ My website quadmeup.com/
  • Science & Technology
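The chapter list above names the controls (private key stays with the issuer, no secrets in the payload, short lifetimes, a not-before instant, scopes) but the video is the only place they are shown. The block below is an added example, not code from the video or its author, that mints and verifies such a token with only the Python standard library. It uses HS256 because the standard library has no RSA or ECDSA; with an asymmetric alg such as RS256 only the issuer holds the private key, which is the point of the "keep the private key safe" tip, whereas with HS256 every verifier must guard the same key. The issuer URL, key handling, lifetimes, scope names and clock-skew tolerance are assumptions chosen for the example.

```python
"""Added example: mint and verify a short-lived, scoped JWT with HS256 using only
the Python standard library. HS256 stands in for RS256/ES256 because stdlib has
no asymmetric signing; the claim checks are the same either way."""
import base64
import hashlib
import hmac
import json
import secrets
import time

ISSUER = "https://auth.example.test"   # hypothetical issuer identifier
ISSUER_KEY = secrets.token_bytes(32)    # assumption: generated once, never shipped to clients
ACCESS_TOKEN_TTL = 5 * 60               # short-lived access token (seconds)
CLOCK_SKEW = 30                         # tolerated drift between issuer and verifier clocks


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(key, subject, scopes, ttl=ACCESS_TOKEN_TTL, now=None, not_before=0):
    """Issue a token. Claims are public: never put passwords or API keys in here."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": ISSUER,
        "sub": subject,
        "iat": now,
        "nbf": now + not_before,      # token is rejected before this instant
        "exp": now + ttl,             # and after this one
        "scope": " ".join(scopes),    # what the bearer may do, not who they are
        "jti": secrets.token_hex(8),  # unique id, useful for a revocation list
    }
    compact = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(claims)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(key, token, required_scope, now=None):
    """Return the claims if the token is valid for required_scope, else raise ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, c_b64, s_b64 = parts
    header = json.loads(_b64url_decode(h_b64))
    # Pin the algorithm: never let the token tell the verifier which alg to use,
    # otherwise "none" or an HS256/RS256 confusion attack gets a free pass.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h_b64}.{c_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(c_b64))   # parsed only after the signature holds
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims["nbf"] > now + CLOCK_SKEW:
        raise ValueError("token not yet valid")
    if claims["exp"] <= now - CLOCK_SKEW:
        raise ValueError("token expired")
    if required_scope not in claims.get("scope", "").split():
        raise ValueError(f"missing scope {required_scope}")
    return claims


def token_status(key, token, required_scope, now=None):
    """Convenience wrapper: 'ok' or the reason the token was rejected."""
    try:
        verify_token(key, token, required_scope, now)
        return "ok"
    except (ValueError, KeyError, AttributeError) as exc:
        return str(exc) or exc.__class__.__name__


def peek_claims(token):
    """The payload is only base64url-encoded, so anyone holding the token reads it."""
    return json.loads(_b64url_decode(token.split(".")[1]))


if __name__ == "__main__":
    t = mint_token(ISSUER_KEY, "user-42", ["orders:read"])
    print(peek_claims(t))                                   # readable without the key
    print(token_status(ISSUER_KEY, t, "orders:read"))       # ok
    print(token_status(ISSUER_KEY, t, "orders:write"))      # missing scope orders:write
```

`peek_claims` is the one-line argument for the "no secrets in the payload" tip: it decodes the claims without ever touching the key. The verifier checks the signature before it parses the claims, pins the algorithm instead of trusting the header, and applies `nbf` and `exp` with a small skew window; the short `exp` is what limits the damage when a token leaks, because nothing in this flow can pull a token back early.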

Comments • 7

  • @PSAfterHours
    @PSAfterHours  2 years ago

    How to revoke a JWT token: th-cam.com/video/jzB4TfmOZyw/w-d-xo.html

  • @heshiebee
    @heshiebee 1 year ago

    Great video, very informative

  • @matthewrichardson8162
    @matthewrichardson8162 1 year ago

    Great video!

  • @jorgeromero4680
    @jorgeromero4680 1 year ago

    Can you use JWT in INAV?

  • @ShibraTai
    @ShibraTai 2 months ago

    What if the token gets leaked? If a person has the token, he/she would be able to hit the API.

    • @imissthestacy4803
      @imissthestacy4803 1 month ago

      It would indeed be stolen and used to access the API, but then it expires. As a dev, you'd better protect against this theft rather than figuring out how to stop a stolen one: use HttpOnly cookies and a secure HTTPS connection.

  • @syffs-sq6bw
    @syffs-sq6bw 6 months ago

    Sorry, but either you don't know what you're talking about, or you're omitting the truth. A JWT used in an authorization context is a secret, even if it doesn't contain any secret info, as it is used to perform authenticated calls!
    There's much more to JWT security than what you mention, starting with where they're stored, for instance, or how they're generated (fingerprint?) or combined with other security measures.
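The last two comment threads raise a point the chapter list leaves out: a bearer token works for whoever holds it until it expires, so its storage and what it is bound to matter as much as its claims. The block below is an added example, not code from the video, its author or any commenter, of the fingerprint binding pattern described in the OWASP JWT Cheat Sheet: at login the server sends a random value in a Secure, HttpOnly, SameSite cookie and puts only the SHA-256 hash of that value into the signed token; on every request the verifier, after the usual signature, expiry and scope checks, requires the cookie and the claim to match. A token lifted from a log, a URL or page JavaScript then fails without the cookie, which script cannot read. The cookie name `__Secure-Fgp`, the claim name `fgp` and the sample cookie header are assumptions made for the example.

```python
"""Added example: bind a bearer token to a fingerprint the browser holds in a
hardened cookie, so a token copied out of a page or a log is useless on its own."""
import hashlib
import hmac
import secrets

# Hypothetical cookie name. The "__Secure-" prefix makes browsers refuse the cookie
# unless it is set with the Secure attribute over HTTPS.
FGP_COOKIE = "__Secure-Fgp"


def issue_fingerprint():
    """Login time: the raw value goes to the browser, only its hash goes into the token."""
    raw = secrets.token_urlsafe(32)
    return raw, hashlib.sha256(raw.encode()).hexdigest()


def fingerprint_set_cookie(raw, max_age):
    """Set-Cookie header value: HttpOnly keeps page script away from it, Secure keeps it
    off plain HTTP, SameSite=Strict keeps it off cross-site requests."""
    return (f"{FGP_COOKIE}={raw}; Max-Age={max_age}; Path=/; "
            "Secure; HttpOnly; SameSite=Strict")


def _parse_cookie_header(header):
    """Minimal Cookie: request-header parser ('a=1; b=2' -> {'a': '1', 'b': '2'})."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def fingerprint_matches(claims, cookie_header):
    """Request time: run after the signature, exp, nbf and scope checks have passed.
    The 'fgp' claim must equal SHA-256 of the cookie that arrived with the request."""
    raw = _parse_cookie_header(cookie_header or "").get(FGP_COOKIE)
    expected = claims.get("fgp")
    if raw is None or expected is None:
        return False
    actual = hashlib.sha256(raw.encode()).hexdigest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    raw, claim_hash = issue_fingerprint()
    print(fingerprint_set_cookie(raw, 300))
    claims = {"sub": "user-42", "fgp": claim_hash}             # would be signed into the JWT
    print(fingerprint_matches(claims, f"{FGP_COOKIE}={raw}"))  # token + cookie: True
    print(fingerprint_matches(claims, "session=abc"))          # token alone: False
```

The hash in the token is harmless to expose (the payload is readable by anyone, as the "no secrets in the JWT" tip says), while the raw cookie value never appears in the token, in URLs or in page script. Pairing this with the short `exp` from the video limits both what a stolen token can do and for how long.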