My god I learn so much from this talk! Loads of information and the presenter is knowledgeable!
@gjuoun 4 years ago
Unbelievable! I followed after watching your JWT crash course!
@prashanttiwari120 3 years ago
Hi Hussie, great to see your comment here
@qcmira2024 2 years ago
You here, how am I not surprised !? By the way I really enjoy your videos, I’ve learned so much from them. Keep up the good work !
@CodeDoctorJet 5 years ago
Excellent preso. As AppSec professionals we need these kinds of prescriptive information for our developers. I'll definitely be sharing the cheat sheet and recommending more use of things like key IDs rather than just basic jwt sharing. Good stuff.
@hectormejia499 3 years ago
Holy crap, JWTs are insanely complex, very good talk! Also scares me that this is the de facto method for "simple and secure" authentication in most APIs.
@Deebool 4 years ago
Very clear and detailed yet concise. Thank you very much!
@dmytroshchotkin2939 4 years ago
Thanks, Sir. It's a very good explanation! Indeed, very clear!
@ims-w6s 4 years ago
Really good talk on JWTs. Really interesting topics. But why weren't the questions added to the video?? Anyway, great!
@Pownas89 2 years ago
Still a Really good talk where I’ve learned a lot and got a lot of the info confirmed from what others haven’t explained fully. Thanks for a good informative video! 😊
@qcmira2024 2 years ago
Awesome video ! So much to take from it. Thx for sharing it.
@stokitko 2 years ago
Thanks, you refined a lot for me. Guess what, I made an error: during validation of the JWT I didn't check the issuer against the expected one. It's funny because I had a hesitation to check it but was too busy implementing sig verification. Thank you again, you saved billions (I hope) of my future users :)
@Tidaltwist 4 years ago
It'd have been helpful if there were timestamps for each part. But great talk though.
@codefarm0 3 years ago
Super awesome. Tons of cool information. Thanks :)
@robertodiana5821 4 years ago
the title maintains the promises
@MosheEshel 3 years ago
Excellent talk, I learned a lot of new things.
@amitparks 3 years ago
One of the best on JWT, JWS...
@ILyaCyclone 4 years ago
Superb talk, sir!
@Cdswjp 2 years ago
Is symmetric signing ever preferred over asymmetric signing?
@KunalMukherjee3701 3 years ago
Excellent power packed talk
@dsebastien 5 years ago
Great presentation, thanks for sharing!
@manojlasantha8499 4 years ago
Great talk ! I learnt a lot from the talk.
@liferajib 3 years ago
Best talk on JWT
@metalbroga 4 years ago
I have a question that is related to “renewing” JWTs, like those apps that never log you out (like Facebook, Instagram)?
@Deebool 4 years ago
I wonder about that part too (and security issues that go along) !
@Rheenen 3 years ago
To renew an access token, you send the expired access token + refresh token, validate, and send back a new access token if validation was ok. If not, then don't send back a new access token.
@metalbroga 3 years ago
@Rheenen Thanks for the clarification
@tommasoborgato 3 years ago
Great talk .... learned a lot of new stuff
@javadhosseini7524 4 years ago
Thanks for your great video. I have a question. Is it good to store a JWK in a JSON file?
@philippederyck2572 4 years ago
Sure, it all depends on how that JWK is used. OpenID Discovery points to a JSON file containing the identity provider's keys ...
@HenrryPires 4 years ago
Thanks, amazing talk
@scottsmyth3251 4 years ago
super helpful thanks
@SM-ok3sz 3 years ago
Good talk but holy crap is that pointing device annoying.
@mr.RAND5584 4 years ago
It is like MD5, it can be decoded publicly on their website jwt; just put the token there and it will give information.
@j-tech9156 3 years ago
Got a lot
@alvis7574 3 years ago
JWT is basically a digital envelope encrypted with some symmetric encryption algorithm. Could it secure your payload? Maybe. Could that be a problem for a hacker? Nope.