Software Engineering Radio - the podcast for professional software developers cover image

Episode 526: Brian Campbell on Proof of Possession Defenses

Software Engineering Radio - the podcast for professional software developers

00:00

Is the JWT Token Validated?

There's really two main ways that token validation and information from the token is extracted for the resources to use. One is to include it directly in the JWT and the resource server validates that and extracts the information from it directly. The other method that is standardized in an RFC is to do what's called introspection, which is, I guess, sort of a misleading name. But either way with the certificate binding, there's a hash of the certificate included in the token. And so ultimately the resource either gets that directly from the JWT or through introspection.

Transcript
Play full episode

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!
App store bannerPlay store banner
Get the app