Address concerns related to JWT
Issue #606
new
Comments (3)
-
-
- changed status to new
-
A bit more context - that “movie” is recording of the “JWT or Not: Personally Insecure Reflections on Software (In)Security” session at the Identiverse conference last year.
- Log in to comment
This kind of question comes up every now and then.
Creating a FAQ on the use of JWT is a good idea.
Perhaps Oauth.net has one?
Brian has a movie https://www.youtube.com/watch?v=IgKRGS6cQWw on the topic.
Perhaps documenting on what OpenID does only? e.g., ID Token, JAR, JARM, Signed Introspection response.