learn hapi — Increase JWT Security Beyond the Signature

JSON web tokens (JWT) are widely accepted on the Internet. You’ll find countless tutorials using JWT authentication. Most of them show how to sign a JWT using an HMAC-based algorithm, which is a quick way to get started.

We both know that code copied from a tutorial is likely to be deployed into production. Typically, tutorials try to minimize the lines of code in their examples. That’s how you accidentally end up using insecure code in your applications.

This tutorial touches on a dozen JWT security aspects that you should consider in your application.

All security aspects in this tutorial have an extensive description, point you to the individual JWT claims, show examples, and outline the steps to secure your app.
