It’s time for episode 5 of API Security With A Pinch Of Salt. In this episode Chris, Adam, and Ran talk about JSON Web Tokens (JWTs), an open standard (RFC 7519) that defines a compact, self-contained way to securely transmit claims between parties as a JSON object.
JWTs are commonly used for authentication and authorization in API applications because they’re compact, can be digitally signed (so a receiving service can verify who issued the token and that it hasn’t been altered) and can optionally be encrypted when the claims themselves must stay confidential. As a simple example, a banking app might use JWTs to keep you from having to log in as you move between services like checking your balance, updating your investments and applying for a loan. Each of those services is likely a different app on the backend. Being able to log in once, have the login service issue a JWT for the session, and present that JWT to each service means every service can check the token’s signature and claims instead of asking for your user name and password again and again. JWTs are also commonly used with Single Sign On services for the very same reason.
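To make the sign-once, verify-everywhere flow concrete, here is an added example (not code from the show or from any particular library) that builds and checks an HS256-signed JWT with only the Python standard library. The shared secret, the service names used as audiences and the `issue_jwt`/`verify_jwt` function names are assumptions for illustration; the tampered token at the end is constructed inline to show that a service rejects a payload whose signature no longer matches.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url_encode(data: bytes) -> str:
    # JWT uses unpadded base64url for all three segments.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # Restore the padding that was stripped when the token was built.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def issue_jwt(claims: dict, secret: bytes) -> str:
    """Login service: sign the claims with the shared secret (HS256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


def verify_jwt(token: str, secret: bytes, expected_aud: str, now=None) -> dict:
    """Backend service: accept the token only if signature, expiry and audience check out."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts

    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm to the one we issue with; never let the token pick it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")

    expected = hmac.new(
        secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256
    ).digest()
    # Constant-time comparison so signature checking does not leak timing.
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")

    claims = json.loads(_b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired")
    # The balance service must not accept a token minted for the loan service.
    if claims.get("aud") != expected_aud:
        raise ValueError("wrong audience")
    return claims


def swap_payload(token: str, new_claims: dict) -> str:
    """Constructed attack input: keep header and signature, replace the claims."""
    header_b64, _, sig_b64 = token.split(".")
    forged_payload = _b64url_encode(json.dumps(new_claims, separators=(",", ":")).encode())
    return f"{header_b64}.{forged_payload}.{sig_b64}"


if __name__ == "__main__":
    secret = b"shared-secret-between-login-and-balance-service"  # assumed value
    issued_at = 1_700_000_000
    token = issue_jwt(
        {"sub": "alice", "aud": "balance", "iat": issued_at, "exp": issued_at + 900},
        secret,
    )
    print("balance service accepts:", verify_jwt(token, secret, "balance", now=issued_at + 10))
    forged = swap_payload(token, {"sub": "bob", "aud": "balance", "exp": issued_at + 900})
    try:
        verify_jwt(forged, secret, "balance", now=issued_at + 10)
    except ValueError as err:
        print("forged token rejected:", err)
```

Each backend service holds the same secret as the login service, so it can verify the signature locally without a round trip; the audience check is what keeps a token issued for one service from being replayed against another.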
We dig deeper into the details of JWTs, how they’re used to secure API applications, and whether they’re vulnerable to attacks. Check out the video to see more.