JWTs Suck (and Are Stupid)

by Randall Degges

Published January 12, 2018 in Programming

JSON Web Tokens (JWTs) are all the rage in the security world. They’re increasingly ubiquitous in web authentication libraries and are commonly used to store a user’s identity information.

In this talk, Randall Degges will walk you through web authentication from the ground up, explaining how it works both with and without JWTs. Along the way, you’ll learn why JWTs aren’t as great as you might hear, and about better ways to speed up web authentication for your web applications.

Through this talk, you’ll learn:

- How web authentication works
- How HTTP sessions and cookies store information
- How JWTs work
- How JWTs are commonly used in authentication libraries and tools
- Why JWTs are so popular
- Why JWTs aren’t the right solution for most web applications