Security / Developement

Tags: Serverless / API Gateway / Lambda / JWT / API Security

Introduction JSON Web Tokens are used in the OAuth and OpenID to connect systems together. Alot of time they are used in way that make them vulernable to many different attacks. For example, many reference implemenations show the JWT token being used directly in the browser but this may leave the application subject to replay attacks if the token is obtain by a third party actor. Your site is not secure becuase it used JWTs, it is secure because of how you use the JWTs.