JSON Web Tokens (JWT)

TL;DR: Signed/encrypted tokens carrying claims. Bug surface: algorithm confusion, weak keys, kid injection, jku, jwk.

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References