Supply chain attacks are getting more and more popular. It is not only about your project dependencies, their dependencies' dependencies and so on. Even popular libraries can be (and are) compromised.
Anyway, among security professionals there is a strong movement to restrict JWTs to authentication and not use them as session tokens.
You may want to look at curity.io/resources/architect/api-... or other articles about JWT (in)security.
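As an added illustration of the point made above (example code written for this thread, not from the linked article or any commenter), the script below contrasts a self-contained HS256 JWT with an opaque server-side session. The argument it demonstrates is the one usually given for keeping JWTs out of the session role: once a stateless token is issued, the server has nothing to delete, so it stays valid until `exp` even after a logout or a revocation, whereas an opaque session id can be invalidated immediately. The key, the claim values and the timestamps are constructed for the demo; the JWT encoding uses only the standard library and always verifies with HS256 regardless of the header's `alg` field.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed demo key; a real deployment would load this from a secret store.
SECRET = b"constructed-demo-hs256-key"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_jwt(sub: str, ttl: int, now: int) -> str:
    """Mint an HS256 JWT carrying sub/iat/exp. Nothing is stored server-side."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps({"sub": sub, "iat": now, "exp": now + ttl}, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_jwt(token: str, now: int):
    """Stateless check: MAC and expiry only. Returns the claims, or None.

    The header's alg field is deliberately ignored; the verifier always uses HS256.
    """
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(payload))
    except (ValueError, KeyError):
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims


class SessionStore:
    """Opaque sessions: the server keeps the state, so it can revoke at will."""

    def __init__(self):
        self._sessions = {}

    def create(self, sub: str, ttl: int, now: int) -> str:
        sid = secrets.token_urlsafe(32)  # random id, carries no claims itself
        self._sessions[sid] = {"sub": sub, "exp": now + ttl}
        return sid

    def lookup(self, sid: str, now: int):
        session = self._sessions.get(sid)
        if session is None or session["exp"] <= now:
            return None
        return session

    def revoke(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def demo() -> dict:
    """Issue both credential kinds, revoke the session, and compare what still works."""
    now = 1_700_000_000  # constructed fixed clock so the run is deterministic
    token = issue_jwt("alice", 3600, now)
    store = SessionStore()
    sid = store.create("alice", 3600, now)

    result = {
        "jwt_valid_before_revoke": verify_jwt(token, now + 10) is not None,
        "session_valid_before_revoke": store.lookup(sid, now + 10) is not None,
    }

    # Logout, or the account is compromised: the server revokes the session.
    store.revoke(sid)

    # The JWT still verifies; the server holds no state it could delete.
    result["jwt_valid_after_revoke"] = verify_jwt(token, now + 20) is not None
    result["session_valid_after_revoke"] = store.lookup(sid, now + 20) is not None
    # Only the expiry finally stops the JWT.
    result["jwt_valid_after_expiry"] = verify_jwt(token, now + 3600) is not None
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The practical consequence is that a JWT used as a session token needs either a very short lifetime (and a refresh mechanism) or a server-side denylist, at which point the server is keeping state anyway and an opaque session id with a lookup is the simpler design.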
Makes sense. Thank you for sharing!