Overview
JSON Web Token (JWT) is an open standard for sharing security information between a client and a server.
This instructor-led, live training (online or onsite) is aimed at developers who wish to use JWT to transmit information between different parties as a JSON object.
By the end of this training, participants will be able to:
- Understand the JWT structure and use cases.
- Validate and invalidate JWTs.
- Manage cryptographic keys.
Format of the Course
- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.
Course Customization Options
- To request a customized training for this course, please contact us to arrange.
Requirements
- Basic knowledge of web services
Audience
- Developers
Course Outline
Introduction
- Overview of JWT structure
- JWT common use cases
JWT Validation
- Symmetric token signature
- Asymmetric token signature
- Validating tokens
- Validating claims
Stolen JWTs
- Dealing with stolen JWTs
- JWT storage
- Invalidating JWTs
Managing a Cryptographic Key
- Overview of secret keys
- Embedding the public key
- Embedding a URL containing the key
Hacking JWTs
- Brute force approach
- Modifying the algorithm RS256 to HS256
- None algorithm approach
Summary and Next Steps