Session

Using JWT safely: the do's and don'ts

JSON Web Tokens (JWTs) have become widely used in authentication processes to transfer information in JSON format while ensuring data integrity. However, merely using a JWT is not enough to ensure your information is handled securely. Because a JWT is so simple to use, it is common to change the configuration or misuse the data that is sent, thus building a vulnerable application while thinking it's perfectly secure.

In this talk you will learn what a JWT is and how to avoid common security mistakes when using it. We will discuss proper validation of the tokens, settings that disable the JWT signature and should be avoided, and what information should not be sent when creating a JWT.

Ira Cherkes Levinshteyn

Senior Software Engineer, Synopsys.

Reẖovot, Israel
