Overview
Explore the world of security tokens in this 30-minute talk from Okta. Discover the key role of JWTs, Macaroons, and PASETOs in securing mobile and web applications. Learn about the benefits, proper usage, and potential vulnerabilities of these tokens. Compare the three most popular types of security tokens, understanding their differences and appropriate use cases. Gain insights into structured security tokens, JSON Web Encryption (JWE), and Hash-based Message Authentication Codes. Examine the pros and cons of each token type, including potential problems with JWTs and the advantages of Platform-Agnostic Security Tokens (PASETO). Enhance your knowledge of application security and make informed decisions about implementing these crucial security measures in your projects.
Syllabus
Intro
# What are Security Tokens?
# What is a Security Token
# Hotel Keycard
# Structured Security Token
# JSON Web Token (JWT)
# JSON Web Encryption (JWE)
# Problems with JWT
# Platform-Agnostic SEcurity Token (PASETO)
Macaron != Macaroon
Hash-based Message Authentication Code
# Macaroons Pros/Cons
Taught by
Okta