Discussion on "Securing your JSON Web Tokens the correct way."

Taiwo Hassan Yusuf · 2021-06-27T12:38:46.962Z

What is a JSON Web Token and how does it work? JSON Web Token is a very popular method of keeping sessions in web applications. The flow of implementation is simple and straightforward. However, are your JSON Web Tokens really secured? Are your paylo...

Great article, thanks for sharing.

Nice article Taiwo, thanks for sharing. This however begs the question why do you want to encrypt your jwt since at the end of the day, you're sending it to the Frontend (unless it's for server to server communication).

One major catch for jwt is do they can be decrypted on the client side and the data displayed to the user or used for some basic controls.

When you encrypt that, you will have to share the encryption key with the frontend which makes it unsafe anymore.

What is your thought on this?

Thanks for reading.

Concerning the need to encrypt ones JWT, I believe there is no right or wrong answer as it can be platform and developer specific. However, if anyone chooses to encrypt their JWTs, it is only natural that they give an alternative source of the information that would be otherwise extracted from the JWT.
To conclude, too little security is always more of a concern than too much. In the case where there is no need for the front-end to decode the JWT for any information, I believe there is no such thing as too much security. Thanks

Discussion

Securing your JSON Web Tokens the correct way.

Responses(2)

Recent in Forum

Search Hashnode

Securing your JSON Web Tokens the correct way.

Responses(2)

Recent in Forum