JWT Token Security and Best Practices
I was doing a ton of research and reading on JWT token security and found a bunch of references that were useful (and many that were not!). Here they are, maybe they will help you too:
This was the best complete guide all in one place… #11 is my favorite!
Auth0 also has some excellent resources as well, here is one:
Here are some others:
They say they do everything client-side, but I’d be scared to put any real tokens in here…
There was also this really cool presentation made by OWASP about it.
And if you want to try at cracking some JWTs…
If you find any additional resources, please drop me an email.