Are you sure your access tokens are really secure?

You've read about OAuth 2.0 and decided to secure your web API using JWT access tokens. To implement this, you're likely relying on an open-source library to parse and validate these tokens, confident that your configuration will only accept tokens from your trusted issuer or token service. But here's the real question: are you absolutely certain that your API only accepts access tokens issued by your service? In this session, I’ll expose some shocking tricks that can bypass improperly configured token validation. You’ll see firsthand how easy it can be to fool your API if you’re not careful. But don’t worry, I’ll also walk you through how to write tests that ensure your application is protected against these exploits, keeping your data and users safe.

Speakers

headshot for Wesley Cabus

Wesley Cabus

Location

Lustikulla Konferens & Event
Liljeholmsvägen 18
Stockholm, 117 61
An unhandled error has occurred. Reload 🗙