Leakage of Personal Information via JWT Access Token

  1. Personal information is contained
  2. Not encrypted
  3. Stateless
  4. Stolen by unintended parties
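
The first two conditions can be checked mechanically. The following is an added example, not code from the original article: it reports what a party holding only the token string can read without any key. The PII claim list, the function names and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json

# Claim names treated as personal information. These are standard OpenID Connect
# claims; choosing them is an assumption of this example, not a list from the article.
PII_CLAIMS = {"name", "given_name", "family_name", "email",
              "phone_number", "address", "birthdate"}


def b64url_decode(segment: str) -> bytes:
    """Decode base64url text whose '=' padding was stripped (as in JWTs)."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _result(fmt: str, readable: bool = False, pii=()) -> dict:
    return {"format": fmt, "readable": readable, "pii_claims": sorted(pii)}


def audit_access_token(token: str) -> dict:
    """Report which PII claims are readable from the token string alone."""
    parts = token.split(".")
    if len(parts) == 5:          # JWE compact form: the payload is ciphertext
        return _result("JWE")
    if len(parts) != 3:          # e.g. an opaque random identifier
        return _result("opaque")
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:           # bad base64, bad UTF-8 or bad JSON
        return _result("opaque")
    if not isinstance(claims, dict):
        return _result("opaque")
    # The signature (parts[2]) is never checked: it protects integrity,
    # not confidentiality, so reading the claims needs no key.
    return _result("JWS", True, PII_CLAIMS & claims.keys())


def make_sample_jws() -> str:
    """Constructed sample: a signed-style access token carrying two PII claims."""
    header = {"alg": "HS256", "typ": "at+jwt"}
    claims = {"iss": "https://as.example.com", "sub": "user-1004", "scope": "read",
              "email": "alice@example.com", "birthdate": "1990-04-01"}
    body = [b64url_encode(json.dumps(x).encode()) for x in (header, claims)]
    return ".".join(body + [b64url_encode(b"constructed-signature")])


if __name__ == "__main__":
    print(audit_access_token(make_sample_jws()))
```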


Co-founder and representative director of Authlete, Inc., working as a software engineer since 1997. https://www.authlete.com/

Takahiko Kawasaki
