JWTs Suck (and Are Stupid)

JSON Web Tokens (JWTs) are all the rage in the security world. They’re increasingly common in web authentication libraries, and are often used to store a user’s identity information.

In this talk, Randall Degges will walk you through web authentication from the ground up, explaining how it works both with and without JWTs. Along the way, you’ll learn why JWTs aren’t as great as you might hear, and learn about better ways to speed up web authentication for your web applications.

Through this talk, you’ll learn:

- How web authentication works
- How HTTP sessions and cookies store information
- How JWTs work
- How JWTs are commonly used in authentication libraries and tools
- Why JWTs are so popular
- Why JWTs aren’t the right solution for most web applications

Randall Degges

April 11, 2018