Giving a jot about JWTs: JWT Patterns and Anti-Patterns - OWASP Podcast e002
The OWASP Podcast Series
00:00
The Dark Side of a JWTI?
J w ds is essentiallyr no longer stalus, which is supposed tobe oe ofthe main guarantees. It's feasible for ou scale to have a list of tokens that are invalid. I think its is usally the argument or the benefits we get from j w ds outweigh this cost. But i'd point out that common metation of j w dS is essentiallyrno longer stalus - it just feels like we're doing session tokens again. And you could find a lot of blog posts or hackernes comments or tweats about both the cryptographic shortcomings and the engineering shortcomings.
Transcript
Play full episode
