#JWT

Validating JWTs from Multiple Issuers

Validating JWTs from multiple issuers introduces failure modes that do not exist with a single issuer. Learn the correct pattern and the attacks that result from getting it wrong.

How to Generate a JWT Secret Key for HMAC Algorithms

Learn how to generate a secure JWT secret key for HMAC algorithms (HS256, HS384, HS512) using OpenSSL, Python, Node.js, or an online generator.

Step-Up Authentication with Auth0

If you're using Auth0 for authentication, you can implement step-up authentication by leveraging the ID token and its claims. Learn how to enforce step-up authentication based on the user's context or the requested operation.

Step-Up Authentication with OpenID Connect

If you're using OpenID Connect for authentication, you can implement step-up authentication by leveraging the ID token and its claims. Learn how to enforce step-up authentication based on the user's context or the requested operation.

Understanding OpenID Connect and OAuth 2.0 Tokens

OpenID Connect and OAuth 2.0 have are several types of tokens, each serving distinct purposes. In this article, we’ll explore the different tokens, their formats, and their appropriate use cases.

JWT Signing Algorithms: How to choose the right one?

Choosing the right JWT signing algorithm is crucial to ensure the security of your application. In this article, we will discuss the different algorithms available and how to choose the right one.

JWT or Opaque Token : What is the best choice for M2M?

JWT or Opaque Tokens can serve both as authentication mechanisms for Machine to Machine (M2M) communications. But what is the best choice between each solution?

How to verify a JWT?

Validate JWTs (JSON Web Tokens) authenticity is important. In this article, we will explore the systematic approach developers should adopt to verify them.

Generate RSA Key Pairs with OpenSSL for signing JWT

This guide will take you step by step for generating RSA key pair using OpenSSL for signing JWT.

How to Manage Invalid Tokens in Web and Mobile Applications?

While JWTs are essential for secure communication between clients and servers, managing their lifecycle and ensuring their security can be challenging. In this blog post, we'll explore best practices for invalidating access tokens, including token revocation and rotation, and how to implement these mechanisms in OAuth2 and OpenID Connect.

How to Invalidate a JWT Access Token?

While JWTs are essential for secure communication between clients and servers, managing their lifecycle and ensuring their security can be challenging. In this blog post, we'll explore best practices for invalidating access tokens, including token revocation and rotation, and how to implement these mechanisms in OAuth2 and OpenID Connect.