JWT best practices for max security
- Published on 17 Jun 2024
- Support my work / pawelspychalski
Here are a few tips on how to make your JWT tokens more secure. JWT is secure out of the box, but your authentication and authorization policy benefits further if you also do the following:
0:00 Let's increase the JWT security level
0:21 Why is JWT safe?
0:46 Keep the token issuer's private key safe
1:03 Do not put any secrets into the JWT token
1:45 Keep the lifetime of the access and refresh token short
2:51 Not-Before policy
3:22 Use scopes!
4:24 More about JWT tokens
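As an added example (not code from the video or its author), a minimal HS256 issuer and verifier in Python's standard library that applies the tips above: it pins the algorithm, enforces a short `exp`, honours `nbf`, and gates the call on a scope claim; the key, claim values and helper names are constructed for this illustration.

```python
import base64, hashlib, hmac, json, time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_jwt(claims: dict, key: bytes) -> str:
    """Issuer side: HS256-sign a claim set. The payload is only base64url-encoded,
    not encrypted, so never put secrets into `claims` (hypothetical helper)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def verify_jwt(token: str, key: bytes, required_scope: str, now=None, leeway=30):
    """Resource-server side: returns (claims, "ok") or (None, reason).
    Order: structure, pinned alg, signature, exp (short lifetime), nbf, scope."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None, "malformed"
    h64, p64, s64 = parts
    if json.loads(_b64url_decode(h64)).get("alg") != "HS256":  # never let the token choose alg
        return None, "unexpected alg"
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s64)):
        return None, "bad signature"
    claims = json.loads(_b64url_decode(p64))
    if "exp" not in claims or now > claims["exp"] + leeway:
        return None, "expired"
    if now + leeway < claims.get("nbf", 0):  # not-before policy
        return None, "not yet valid"
    if required_scope not in claims.get("scope", "").split():  # scope check
        return None, "insufficient scope"
    return claims, "ok"

if __name__ == "__main__":
    key = b"constructed-demo-signing-key"  # constructed sample, not a real key
    t0 = 1_700_000_000
    # 5-minute access token, usable from t0 onwards, limited to a single scope
    token = sign_jwt({"sub": "user-1", "iat": t0, "nbf": t0, "exp": t0 + 300,
                      "scope": "read:profile"}, key)
    for label, when, scope in [("in window", t0 + 60, "read:profile"), ("too early", t0 - 120, "read:profile"),
                               ("expired", t0 + 600, "read:profile"), ("wrong scope", t0 + 60, "write:profile")]:
        print(label, "->", verify_jwt(token, key, scope, now=when)[1])
```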
#quadmeup #youtube
If you want to support me:
✅ Patreon / pawelspychalski
✅ Banggood affiliate bit.ly/2P8oAxr
✅ Paypal paypal.me/pawelspychalski
▶ Discord server quadmeup.com/discord
▶ My website quadmeup.com/ - Science & Technology
How to revoke a JWT token: th-cam.com/video/jzB4TfmOZyw/w-d-xo.html
Great video, very informative
Great video!
can you use jwt in inav?
What if the token gets leaked? If a person has the token, he/she would be able to hit the API.
It would indeed be stolen and used to access the API, but then expire. As a dev, you'd better protect against this theft rather than figure out how to stop a stolen one: use HTTP-only cookies and a secure HTTPS connection.
Sorry, but either you don't know what you're talking about, or you're omitting the truth? JWT used in an authorization context is a secret, even if it doesn't contain any secret info, as they're used to perform authenticated calls!
There's much more to JWT security than what you mention, starting with where they're stored for instance, or how they're generated (fingerprint?) or combined with other security measures.