State of JSON Web Tokens at Employment Hero
Luong Vo
1.
JSON Web Tokens
Luong Vo
2.
3.
4.
5.
6.
7.
8.
JSON Web Token
9.
What is JSON Web Tokens
10.
JSON Object | To transfer data between two parties | digitally signed
11.
Digitally signed | JSON Data | Signature | JSON Web Token
12.
Signature signing algorithm
13.
RS256
14.
HS256
15.
Comparison: RS256 | HS256
16.
17.
18.
JSON API Authentication
19.
Main app | Username + password | Session token | Auth Service | Generate session token | Save session token to database | But why?
20.
Main app | Session token | JWT Token | Auth Service | Generate JWT | Query session token to check | But why?
21.
Main app | Get/…. + JWT Token | { "data": …. } | Auth Service | Validate JWT | But why?
22.
Main app | Get/…. + JWT Token | { "data": …. } | Auth Service | Validate JWT | Microservice | gRPC call | But why?
23.
Microservice | API Call | !? | Oh….
24.
Main app | Get/…. + JWT Token | { "data": …. } | Auth Service | Validate JWT | Microservice | Oh….
25.
External system | Main app | Microservice
26.
27.
Microservice | API Call | Should we? | Auth Service | authenticate
28.
Microservice | API Call | Better! | LOAD BALANCER | Auth Service | authenticate | API Gateway
29.
Main app | Get/…. + JWT Token | { "data": …. } | Auth Service | Microservice | LOAD BALANCER
30.
31.
32.
33.
https://github.com/Thinkei/eh-kong/blob/master/auth/handler.lua#L49
34.
35.
Why not just use JWT
36.
Size: User ID in JWT | User id in session token
37.
● Require CPU to compute cryptographic signatures
● No utilisation of being stateless
● Redundant-signing
● Can be read on the client side
● Must be explicitly encrypted if we wanted to
● Hard revocation
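The points on slides 36 and 37, as an added Ruby example that is not part of the original slides: a signed HS256 token is larger than an opaque session token, its payload is readable without the key, and revoking it before expiry requires the verifier to keep state. The key, claim values, deny list and all function names here are constructed for illustration.

```ruby
require 'openssl'
require 'base64'
require 'json'
require 'securerandom'

DEMO_SECRET = 'constructed-demo-secret' # constructed demo key, not a real secret

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Compact HS256 JWT: b64url(header).b64url(payload).b64url(HMAC-SHA256)
def issue_jwt(claims, secret)
  header = b64url(JSON.generate({ 'alg' => 'HS256', 'typ' => 'JWT' }))
  payload = b64url(JSON.generate(claims))
  sig = OpenSSL::HMAC.digest('SHA256', secret, "#{header}.#{payload}")
  "#{header}.#{payload}.#{b64url(sig)}"
end

# "Can be read on the client side": no key is needed to decode the payload.
def read_claims_without_key(token)
  JSON.parse(Base64.urlsafe_decode64(token.split('.')[1]))
end

def secure_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the claims, or nil. The last check is the stateful part: a signed,
# unexpired token stays valid until the verifier consults a deny list.
def verify_jwt(token, secret, revoked_jti, now: Time.now.to_i)
  return nil unless (parts = token.split('.')).length == 3
  header = JSON.parse(Base64.urlsafe_decode64(parts[0]))
  return nil unless header.is_a?(Hash) && header['alg'] == 'HS256' # pin the algorithm
  expected = OpenSSL::HMAC.digest('SHA256', secret, "#{parts[0]}.#{parts[1]}")
  return nil unless secure_equal?(expected, Base64.urlsafe_decode64(parts[2]))
  claims = JSON.parse(Base64.urlsafe_decode64(parts[1]))
  return nil if claims['exp'].to_i <= now
  return nil if revoked_jti.include?(claims['jti'])
  claims
rescue ArgumentError, JSON::ParserError
  nil
end

def demo
  now = 1_700_000_000 # constructed fixed clock
  claims = { 'sub' => 'user-42', 'email' => 'alice@example.test',
             'jti' => 'token-1', 'exp' => now + 900 }
  token = issue_jwt(claims, DEMO_SECRET)
  revoked = [] # constructed in-memory deny list
  before = verify_jwt(token, DEMO_SECRET, revoked, now: now)
  revoked << 'token-1' # "logout" only works because the verifier keeps state
  after = verify_jwt(token, DEMO_SECRET, revoked, now: now)
  { leaked_email: read_claims_without_key(token)['email'],
    jwt_bytes: token.bytesize, session_bytes: SecureRandom.hex(16).bytesize,
    valid_before: !before.nil?, valid_after: !after.nil? }
end

p demo if __FILE__ == $PROGRAM_NAME
```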
38.
That’s it. Thank you for your attention!