Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

JWTs - Patterns and Anti-patterns in Authentication

LASCON via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore patterns and anti-patterns of JSON Web Tokens (JWTs) in this 33-minute conference talk from LASCON. Delve beyond basic JWT concepts to examine various use cases, including stateless tokens, server-side sessions, and service-to-service authentication. Learn about potential pitfalls such as weak HMAC secrets, lack of revocation mechanisms, and fragile key rotation. Discover alternatives like macaroons and gain insights on when to avoid using JWTs for sessions. Understand best practices for implementing JWTs securely, including the use of trusted libraries and registered claims.

Syllabus

Intro
Speaker: David Gilman
HTTP Cookie
Stateless Tokens
Server Side Session
Clifford Stoll's Chocolate Chip Cookie Recipe
Trying to be Everything to Everybody
JWTs as Sessions
Attaching with JavaScript
Weak HMAC Secrets
No Revocation
No Expiration
Database for Revocation
Refresh + Access Tokens
Fragile Built-In Signing Key Rotation
Fully Stateful
Multiple Overlapping Implementations
Service 2 Service Auth
Shared Token
Auth Service
Revocation via Cache
Hardcoded Algorithm
Use Alternatives
Use Trusted Libraries
Registered Claims
Macaroons Paper
Stop Using JWT for Sessions

Taught by

LASCON

Reviews

Start your review of JWTs - Patterns and Anti-patterns in Authentication

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.