It’s time for episode number 5 of API Security With A Pinch Of Salt and in this episode Chris, Adam, and Ran talk about JSON Web Tokens (JWTs), an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
JWTs are commonly used for authorization in API applications because they’re lightweight, can be encrypted and can be digitally signed. As a simple example, a banking app might use JWTs to keep you from having to log in as you move between services like checking your balance, updating your investments and applying for a loan. Each of those services are likely different apps on the backend and being able to log in once, have the application issue a JWT for the session and use that JWT to authenticate you to each service will keep you from having to enter your user name and password again and again. JWTs are also commonly used with Single Sign On services for the very same reason.
We dig deeper into more of the details around JWTs, how they’re used for security in API applications, and if they’re vulnerable to attacks. Check out the video to see more.