Tag: jwt


Found 230 results for 'jwt'.


1) xss - CSRF tokens for a JWT-auth system using cookies
2) authentication - Is using JWT token for "remember me" less secure than random session token?
3) web-application - JWT or session cookie for API for both web and mobile app?
4) signature - what are the advantages and disadvantages of the digital signature algorithms for JWT?
5) jwt - JWT Keys - Asymmetric and Symmetric
6) xss - Split a JWT between payload and signature
7) xss - JWT cookie with CSRF token as a claim inside the JWT
8) cookies - CSRF Protection Is Needed for GET Requests
9) web-application - Can JWT authentication act as an anti-CSRF mechanism?
10) csrf - How do I protect a Laravel backend API from hijacking/CSRF when there is a React frontend?
11) authentication - Is this security scheme using passwords, short-lived access JWTs, and long-lived refresh tokens a good way to secure a REST API?
12) jwt - Should a refresh token be linked to a single access token, and what is the ideal refresh flow?
13) authentication - Stateless authentication with JWT: refresh token is not stateless
14) encryption - JWT for authentication and authorization and protecting an API. It's feasible / secure?
15) web-application - Is ensuring that a random string in a cookie and a header are the same enough to protect against XSRF?
16) tls - Is a security flaw created in extending TLS to bind and propagate a client-side JWT?
17) encryption - Would encrypting a signed JWT prove viable to secure claims payload?
18) security - JWT (JSON Web Token) automatic prolongation of expiration
19) security - If you can decode JWT, how are they secure?
20) public-key - Compromise between HMAC and Digital Signature, by encrypting and sending secret key?
21) algorithm-design - HMAC vs ECDSA for JWT
22) public-key - How can one validate with a public key a JWT signature generated with a private key?
23) rsa - sign data and append certificate VS sign data and certificate
24) rsa - Does the signature length of RS256 depend on the size of the RSA key used for signing?
25) authentication - Is there a downside to sending a refresh token on every request to an API?
26) csrf - Is a JWT usable as a CSRF token?
27) web-application - Can XHR patching prevent XSS side-effects?
28) xss - Authentication with JWT
29) authentication - Should I check if the token is valid each time a user navigates on my app?
30) authentication - Is using the JWT token to perform queries, as opposed to a raw value in its payload, considered a good practice?
31) authentication - Preventing replay attacks with JWT
32) xss - How to implement the CSRF token mechanism for restful APIs?
33) authentication - oidc authentication webapp REST api
34) authentication - Is it secure to refresh a JSON Web Token (JWT) auth token using the user credentials?
35) authentication - How to handle refresh tokens
36) mobile - Store user credentials vs store refresh token
37) authentication - Should a logout request be authenticated?
38) authentication - JWT access token and refresh token
39) tls - Using Refresh Token inside of Access Token without HTTPS
40) authentication - Using JWTs in OAuth Implementation
41) jwt - Is refreshing an expired JWT token a good strategy?
42) authentication - Is refresh token necessary with HTTPS
43) xss - security issues in JWT storage
44) authentication - Having a JWT that doesn't expire
45) web-application - Is there a reason not to store a JWT as hardened cookie?
46) account-security - jwt symmetric signature security risks (from client side)
47) http - Can I prevent a replay attack of my signed JWTs?
48) api - Preventing jwt replay attacks against the client-side
49) certificates - Implications of using a self-signed certificate to sign JWT tokens in OAuth
50) symmetric - Does symmetric encryption with a key containing the userId pass as authentication?