Tanzu Tuesdays

See live demos of modern application development technologies.

Self-signed JWTs: Dos and Don'ts with Josh Cummings

Watch on Twitch
7:00 PM UTC on Tuesday, Jul 13, 2021

In this episode

If you are securing a REST API with JWTs, chances are you either (1) use an authorization server or (2) have read countless variations on how a REST API can mint its own JWTs. Is this a good idea? If so, how should you go about doing it? In this talk, we’ll start with an unsecured REST API and review the trade-offs of having it use self-signed JWTs. By the end, you’ll have a better idea of whether this is an option for you.

Guests

Josh Cummings

Josh loves to code, and his kids love to code, too! Since the early days with a TRS-80 from Radio Shack, he’s loved building whatever came to mind. These days, he contributes full-time to the Spring Security codebase. He is also the author of a handful of Pluralsight courses about web application security in Java, all of which feature Terracotta Bank, an open source, intentionally vulnerable web application that helps engineers practice ethical hacking as well as secure coding in Java.

Hosts

Tiffany Jernigan

Tiffany is a senior developer advocate at VMware and is focused on Kubernetes. She previously worked as a software developer and developer advocate (nerd whisperer) for containers at Amazon. She also formerly worked at Docker and Intel. Prior to that, she graduated from Georgia Tech with a degree in electrical engineering. In her free time she really likes to travel and dabble in photography. You can find her on Twitter @tiffanyfayj.