
JSON Web Tokens (or JWTs) have become incredibly popular and you’ve likely heard of them before. What you may not have heard is that JWTs were originally designed for use in OAuth – which is fundamentally different to user sessions.

Bharat Dwarkani shared on Apr 02, 2020
supertokens.io

JSON web tokens are a type of access token that is widely used in commercial applications. They are based on the JSON format and include a token signature to ensure the integrity of the token. Today, we are going to talk about the security implications of using JSON web tokens (and signature-based tokens in general), and how they can be exploited by attackers to bypass access control.

Bharat Dwarkani shared on Mar 12, 2020
link.medium.com

Several tools were also previously developed. However, after assessing the quality of the public tools, I concluded that we need better tools to perform testing against JWT. I have developed a set of scripts that I call “jwt-pwn”, which aims to test JWT authentication with stability, simplicity, and efficiency in mind. The script set is very simple, as it integrates directly with the JWT Python library.

Bharat Dwarkani shared on Oct 26, 2019
mazinahmed.net

For those who are unfamiliar, JSON Web Token (JWT) is a standard for creating tokens that assert some number of claims. For example, a server could generate a token that has the claim "logged in as admin" and provide that to a client. The client could then use that token to prove that they are logged in as admin. The tokens are signed by the server's key, so the server is able to verify that the token is legitimate.

Bharat Dwarkani shared on Oct 19, 2019
auth0.com

JWTs (JSON Web Token, pronounced 'jot') are becoming a popular way of handling auth. This post aims to demystify what a JWT is, discuss its pros/cons and cover best practices in implementing JWT on the client-side, keeping security in mind.

Bharat Dwarkani shared on Sep 22, 2019
blog.hasura.io

Over the last few months, some implementations of JSON Web Tokens (JWTs) have ultimately led to compromise of the web application. Some scenarios include stealing admin tokens through XSS (detailed in this blog) and forging claims during account registration to create standard accounts with admin privileges.

Bharat Dwarkani shared on Sep 15, 2019
medium.com

The goal in this post is to first start by learning how JSON Web Tokens (or JWTs) work in detail, including how they can be used for User Authentication and Session Management in a Web Application.

Bharat Dwarkani shared on Sep 10, 2019
blog.angular-university.io

How to implement JSON Web Tokens in Dart

Bharat Dwarkani shared on Sep 01, 2019
itnext.io