From the course: Web Security: OAuth and OpenID Connect (2019)

Validating JWTs

- Validating a JWT is one of the most vitally important things in OAuth, because that's how we establish trust. It doesn't matter which grant type we use, the language we've chosen, or what your boss says, the steps for validating a token are always the same. If you validate a token properly, we can trust it, and we're on the path towards a secure API and application. If you fail to validate tokens properly, no amount of later security will ever help you. It's the equivalent of me going to the bank and trying to withdraw money from your account. A bank will ask for some sort of proof of identity, in a driver's license, a passport. And if I can't produce those, they'll ask me to leave. If they just believe me and don't ask me to prove it, well, you're going to have a very bad day. So let's walk through the steps to validate a token. And just to warn you, there are quite a few. And before we begin, it's worth noting that we'll…
