3min chapter

Software Engineering Radio - the podcast for professional software developers cover image

Episode 526: Brian Campbell on Proof of Possession Defenses

Software Engineering Radio - the podcast for professional software developers

CHAPTER

Is the JWT Token Validated?

There's really two main ways that token validation and information from the token is extracted for the resources to use. One is to include it directly in the JWT and the resource server validates that and extracts the information from it directly. The other method that is standardized in an RFC is to do what's called introspection, which is, I guess, sort of a misleading name. But either way with the certificate binding, there's a hash of the certificate included in the token. And so ultimately the resource either gets that directly from the JWT or through introspection.

00:00

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.
App store bannerPlay store banner

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode