How to use

JWT safely

About me

  • Karim Pinchon
  • Backend developer (~10y)
  • Currently at Ornikar
  • @kpn13

Some advices

The secret key

Do not accept everything

Validate

the claims

Choose

asymmetric

 

Don't reinvent the wheel

 

Don't fight for revocation

Use only required and sufficient

Summary

It's not that simple!

Thanks!

How to use JWT safely

By Karim PINCHON

How to use JWT safely

  • 443