JWTs and Why They Suck

Explore the pitfalls and limitations of JSON Web Tokens (JWTs) in this 15-minute conference talk from Security BSides London. Delve into the reasons why JWTs may not be the ideal solution for many applications, covering topics such as irrevocability, excessive flexibility, and potential security risks. Learn about common misconceptions surrounding the necessity of JWTs and discover alternative approaches that may better suit your needs. Gain valuable insights into secure authentication and authorization practices, supported by references and practical recommendations.

Intro
how do i JWT
Irrevocable
JSON
YOU DON'T NEED IT
Too flexible
Footguns
Why you think you need JWTS
What to use instead
References