SlideShare a Scribd company logo

WTH is a JWT

J
Joel Lord

Chances are sooner or later your shiny new single page application will need authentication. Add some security and resource access control to that list as well. But how can we integrate all of this into a single page application that is entirely public? How can we ensure that our users only have access to the resources they are authorized to by hacking way in via the console? In this talk, the attendees will learn about l JSON Web Tokens (JWT) and see how they can be used to properly secure single page applications.

1 of 128
Download to read offline
WTH IS A JWT
IT’S NOT PRONOUNCED ‘JOT’
WTH is a JWT
WTH IS A JWT
IT’S NOT PRONOUNCED ‘JOT’
@joel__lord #AllThingsOpen
WTH IS A JWT
ABOUT ME
@joel__lord
joellord
@joel__lord #AllThingsOpen
WTH IS A JWT
SPA BEST PRACTICES
@joel__lord #AllThingsOpen
WTH IS A JWT
SPA BEST PRACTICES
▸ …

Recommended

From Ceasar Cipher To Quantum Cryptography
From Ceasar Cipher To Quantum CryptographyFrom Ceasar Cipher To Quantum Cryptography
From Ceasar Cipher To Quantum CryptographyJoel Lord
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)Joel Lord
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)Joel Lord
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)Joel Lord
 
Forgot Password? Yes I Did!
Forgot Password? Yes I Did!Forgot Password? Yes I Did!
Forgot Password? Yes I Did!Joel Lord
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)Joel Lord
 
Mot de passe oublié? Absolument!
Mot de passe oublié? Absolument!Mot de passe oublié? Absolument!
Mot de passe oublié? Absolument!Joel Lord
 
Asynchronicity: concurrency. A tale of
Asynchronicity: concurrency. A tale ofAsynchronicity: concurrency. A tale of
Asynchronicity: concurrency. A tale ofJoel Lord
 

More Related Content

More from Joel Lord

Learning Machine Learning
Learning Machine LearningLearning Machine Learning
Learning Machine LearningJoel Lord
 
Forgot Password? Yes I Did!
Forgot Password? Yes I Did!Forgot Password? Yes I Did!
Forgot Password? Yes I Did!Joel Lord
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)Joel Lord
 
Forgot Password? Yes I Did!
Forgot Password? Yes I Did!Forgot Password? Yes I Did!
Forgot Password? Yes I Did!Joel Lord
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)Joel Lord
 
WTH is a JWT
WTH is a JWTWTH is a JWT
WTH is a JWTJoel Lord
 
Asynchonicity: concurrency. A tale of
Asynchonicity: concurrency. A tale ofAsynchonicity: concurrency. A tale of
Asynchonicity: concurrency. A tale ofJoel Lord
 
I Don't Care About Security
I Don't Care About Security I Don't Care About Security
I Don't Care About Security Joel Lord
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)Joel Lord
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)Joel Lord
 
Secure your SPA with Auth0
Secure your SPA with Auth0Secure your SPA with Auth0
Secure your SPA with Auth0Joel Lord
 
Learning Machine Learning
Learning Machine LearningLearning Machine Learning
Learning Machine LearningJoel Lord
 
Learning Machine Learning
Learning Machine LearningLearning Machine Learning
Learning Machine LearningJoel Lord
 
Rise of the Nodebots
Rise of the NodebotsRise of the Nodebots
Rise of the NodebotsJoel Lord
 
Let's Get Physical
Let's Get PhysicalLet's Get Physical
Let's Get PhysicalJoel Lord
 
Learning About Machine Learning
Learning About Machine LearningLearning About Machine Learning
Learning About Machine LearningJoel Lord
 
Learning About Machine Learning
Learning About Machine LearningLearning About Machine Learning
Learning About Machine LearningJoel Lord
 
Learning About Machine Learning
Learning About Machine LearningLearning About Machine Learning
Learning About Machine LearningJoel Lord
 
Learning Machine Learning
Learning Machine LearningLearning Machine Learning
Learning Machine LearningJoel Lord
 
Apprendre l'apprentissage automatisé
Apprendre l'apprentissage automatiséApprendre l'apprentissage automatisé
Apprendre l'apprentissage automatiséJoel Lord
 

More from Joel Lord (20)

Learning Machine Learning
Learning Machine LearningLearning Machine Learning
Learning Machine Learning
 
Forgot Password? Yes I Did!
Forgot Password? Yes I Did!Forgot Password? Yes I Did!
Forgot Password? Yes I Did!
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)
 
Forgot Password? Yes I Did!
Forgot Password? Yes I Did!Forgot Password? Yes I Did!
Forgot Password? Yes I Did!
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)
 
WTH is a JWT
WTH is a JWTWTH is a JWT
WTH is a JWT
 
Asynchonicity: concurrency. A tale of
Asynchonicity: concurrency. A tale ofAsynchonicity: concurrency. A tale of
Asynchonicity: concurrency. A tale of
 
I Don't Care About Security
I Don't Care About Security I Don't Care About Security
I Don't Care About Security
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)
 
I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)I Don't Care About Security (And Neither Should You)
I Don't Care About Security (And Neither Should You)
 
Secure your SPA with Auth0
Secure your SPA with Auth0Secure your SPA with Auth0
Secure your SPA with Auth0
 
Learning Machine Learning
Learning Machine LearningLearning Machine Learning
Learning Machine Learning
 
Learning Machine Learning
Learning Machine LearningLearning Machine Learning
Learning Machine Learning
 
Rise of the Nodebots
Rise of the NodebotsRise of the Nodebots
Rise of the Nodebots
 
Let's Get Physical
Let's Get PhysicalLet's Get Physical
Let's Get Physical
 
Learning About Machine Learning
Learning About Machine LearningLearning About Machine Learning
Learning About Machine Learning
 
Learning About Machine Learning
Learning About Machine LearningLearning About Machine Learning
Learning About Machine Learning
 
Learning About Machine Learning
Learning About Machine LearningLearning About Machine Learning
Learning About Machine Learning
 
Learning Machine Learning
Learning Machine LearningLearning Machine Learning
Learning Machine Learning
 
Apprendre l'apprentissage automatisé
Apprendre l'apprentissage automatiséApprendre l'apprentissage automatisé
Apprendre l'apprentissage automatisé
 

Recently uploaded

ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solution
ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solutionConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solution
ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solutionŁukasz Chruściel
 
Regulation is Coming - Trusted Media Summit 2023
Regulation is Coming - Trusted Media Summit 2023Regulation is Coming - Trusted Media Summit 2023
Regulation is Coming - Trusted Media Summit 2023Damar Juniarto
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonAPNIC
 
Biometrics Technology Intresting PPT
Biometrics Technology Intresting PPTBiometrics Technology Intresting PPT
Biometrics Technology Intresting PPTPraveenKumarThota7
 
ConFoo 2024 - Need for Speed: Removing speed bumps in API Projects
ConFoo 2024  - Need for Speed: Removing speed bumps in API ProjectsConFoo 2024  - Need for Speed: Removing speed bumps in API Projects
ConFoo 2024 - Need for Speed: Removing speed bumps in API ProjectsŁukasz Chruściel
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonAPNIC
 
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...Prometix Pty Ltd
 

Recently uploaded (7)

ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solution
ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solutionConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solution
ConFoo 2024 - Sylius 2.0, top-notch eCommerce for customizable solution
 
Regulation is Coming - Trusted Media Summit 2023
Regulation is Coming - Trusted Media Summit 2023Regulation is Coming - Trusted Media Summit 2023
Regulation is Coming - Trusted Media Summit 2023
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
Biometrics Technology Intresting PPT
Biometrics Technology Intresting PPTBiometrics Technology Intresting PPT
Biometrics Technology Intresting PPT
 
ConFoo 2024 - Need for Speed: Removing speed bumps in API Projects
ConFoo 2024  - Need for Speed: Removing speed bumps in API ProjectsConFoo 2024  - Need for Speed: Removing speed bumps in API Projects
ConFoo 2024 - Need for Speed: Removing speed bumps in API Projects
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...
Elevate Your Business: Unleashing Collaboration and Efficiency through Expert...
 

WTH is a JWT