JSON Web Tokens (JWTs) give you a standardized security token format; however, they can often be abused due to gotchas in the core standards and subpar library design. Learn how to use JWTs securely with my latest course on Pluralsight: JWT Fundamentals.
JSON Web Token (JWT) is a standardized security token format that allows you to securely transmit data between parties as a self-contained JSON object. You’ll often see JWTs criticized for their use of cryptographic agility; however, due to their popularity and flexibility, it’s more than likely that you’ll need to use them at some point.
This course will teach you how to use JWTs securely, adhering to modern best practices while defending against the permissive nature of the core JOSE standards, regardless of your programming language or framework.
In this course, I show how to use JWTs securely, with an emphasis on their modern OAuth and OpenID Connect use cases and best practices.
Watch this course to learn:
- When to use JSON Web Tokens and when not to use them
- How to create and validate a JSON Web Token
- The basics of digital signatures and how to choose the best signing algorithm
- How to encrypt JSON Web Tokens with JWE
- Best practices for securely using JSON Web Tokens and when to consider alternative approaches
As you’ll see throughout this course, I highly recommend watching my OAuth course to better understand the JWT use case and how best to use JWTs for API access.
I hope you enjoy the course. If you have any feedback or future topic suggestions, let me know!