Tutorials
JWT Lifecycle vs. Secret Rotation: Which is More Secure?
Comparing JWT lifespans and secret rotation strategies, I'll share my experiences on which is more secure and practical in real-world scenarios.
#jwt
6 posts found.
Tutorials
JWT Revocation: Stateless Promise Meets Real-World Challenge
While JWT's stateless nature sounds appealing, I explore the challenges of token revocation in real-world scenarios and my solution approaches.
Technology
The Operational Cost of JWT Lifecycle Management: Overlooked Details
I delve into the operational burden and cost of JWT lifecycle management, examining overlooked strategic points and practical solutions.
Tutorials
JWT Refresh and Revocation Mechanisms: The State of Security Practices
I'm sharing my experiences on the role of JWT (JSON Web Token) refresh and revocation processes in security practices and their implementation strategies.
Tutorials
JWT Storage: LocalStorage or HttpOnly Cookie?
I explore the intricacies of securely storing JWT tokens in web applications, comparing LocalStorage and HttpOnly Cookies.
Tutorials
Operational Runbook for JWKS Key Rotation
A runbook to triage the 401 wave (kid mismatch/JWKS cache) that occurs during JWT key rotation, and to set up safe overlap/caching strategy.