Published in CodeX

Experienced Developers Know and Fix These 3 JWT Pitfalls

SSRF is one of them. No, not CSRF.

Nowadays JWT is the de facto standard for authentication.

Long gone are the days of session cookies. Although some would kill to get them back.

With new stuff comes a headache. What's this JWK for? What's JOSE for? What happens if someone steals my token? Or cookie?

Miloš Živković
