JWT Token Security and Best Practices
I was doing a ton of research and reading on JWT token security and found a bunch of references that were useful (and many that were not!). Here they are, maybe they will help you too:
This was the best complete guide all in one place… #11 is my favorite!
Here is the link for what they’re referring to. There’s a follow up to that article, which can be found here.
Auth0 also has some excellent resources as well, here is one:
Here are some others:
They say they do everything client-side, but I’d be scared to put any real tokens in here…
Here is another article made by NCC Group.
There was also this really cool presentation made by OWASP about it.
And if you want to try at cracking some JWTs…
If you find any additional resources, please drop me an email.
