It has been 167 days since the last alg=none JWT vulnerability.
Pretty Printing JSON Web Tokens (JWTs) on the Command Line using Go (2 mins read).
How to easily introspect and pretty print a signed JWT (JWS) or an encrypted JWT (JWE) on the command line using Go.
Recommended read: API Tokens: A Tedious Survey https://fly.io/blog/api-tokens-a-tedious-survey/
Decrypting Encrypted JSON Web Tokens (JWE) with Ruby (1 mins read).
How to use Ruby to decrypt encrypted JSON Web Token objects.
Filippo Valsorda 💉💉🎉 (@FiloSottile)Tue, 01 Jun 2021 12:14 +0000
Recommended read: Biscuit, the foundation for your authorization systems https://www.clever-cloud.com/blog/engineering/2021/04/12/introduction-to-biscuit/
Recommended read: JWT Token Debugger https://token.dev/
Recommended read: JWT jku&x5u = ❤️ by @snyff #NahamCon2020 https://youtu.be/VA1g7YV8HkI
Creating Signed JOSE Objects with Ruby (1 mins read).
How to use
ruby-jose to create a signed JSON Object Signing and Encryption (JOSE) object on the command-line.
Recommended read: Are You Properly Using JWTs? - Dmitry Sotnikov https://www.youtube.com/embed/M3jA0bGDCso
Recommended read: Hardcoded secrets, unverified tokens, and other common JWT mistakes https://r2c.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/
Generating the Client Assertion JWT for
private_key_jwt Authentication with Ruby (1 mins read).
A helper script to generate the client assertion required to authenticate to an Authorization Server that supports
private_key_jwt, on the command-line with Ruby.
Verifying Signed JWTs (JWS) with Ruby (2 mins read).
Using the ruby-jwt library to verify a signed JSON Web Token (JWS) on the command-line.
Creating Signed JWTs (JWS) with Ruby (1 mins read).
Using the json-jwt and ruby-jwt libraries to sign a JSON Web Token on the command-line.
Recommended read: JWT is Awesome: Here's Why https://thehftguy.com/2020/02/18/jwt-is-awesome-heres-why/
Creating Signed JWTs (JWS) with Node.JS (1 mins read).
How to use the jsonwebtoken library to create a Signed JSON Web Token (JWS) with Node.JS.
Recommended read: Critical vulnerabilities in JSON Web Token libraries https://www.chosenplaintext.ca/2015/03/31/jwt-algorithm-confusion.html
Recommended read: Hacking JSON Web Tokens (JWTs) https://medium.com/swlh/hacking-json-web-tokens-jwts-9122efe91e4a
Recommended read: JWTs? JWKs? ‘kid’s? 'x5t's? Oh my! https://redthunder.blog/2017/06/08/jwts-jwks-kids-x5ts-oh-my/
Recommended read: A Thorough Introduction to PASETO https://developer.okta.com/blog/2019/10/17/a-thorough-introduction-to-paseto
Pretty Printing JSON Web Tokens (JWTs) on the Command Line using OpenSSL (3 mins read).
How to easily introspect a JWT on the command line using OpenSSL and optionally Python for real pretty-printing.
Verifying Signed JWTs (JWS) with Node.JS (3 mins read).
How to use the jsonwebtoken and node-jose libraries to verify the signature of a Signed JSON Web Token (JWS) with Node.JS.
Pretty Printing JSON Web Tokens (JWTs) on the Command Line using Ruby (3 mins read).
How to easily introspect and pretty print a signed JWT (JWS) or an encrypted JWT (JWE) on the command line using Ruby's standard library, or using the ruby-jwt external library.
You're currently viewing page 1 of 1, of 33 posts.