Mar 04, 2019 12:00

JWT Best Practices

Security / Development


Introduction

JSON Web Tokens (JWTs) are used in OAuth and OpenID to connect systems together. A lot of the time they are used in ways that make them vulnerable to many different attacks. For example, many reference implementations show the JWT being used directly in the browser, but this may leave the application subject to replay attacks if the token is obtained by a third party. Your site is not secure because it uses JWTs; it is secure because of how you use them.

