JSON Web Tokens are great! Or are they? They’re signed, self-contained payloads of data, so what could go wrong? Come and find out. Live demos of hackery included.
JWTs are secure; they’re signed; they’re the best thing since sliced bread! So you’ve adopted them into your applications, and feel much safer. The chances that things will go wrong are slim. Right?
This talk will introduce the ways in which JWT implementations can go wrong, together with live demos, and take you on a journey to understand how to make sure you can trust these handy payloads in your applications and APIs.