Secret Rotation for JWT Tokens

When you use JSON Web Tokens (JWTs), or any other token technology that requires you to sign or encrypt payload information, it is important to set an expiration date on the token. Once a token has expired you have two options: treat any further use of it as a possible security breach and refuse every communication that presents it, or deliberately re-enable it by reissuing it with a new expiry date.

It is also important to use some kind of secret rotation scheme, so that the secret used to sign or encrypt tokens is updated periodically. If a secret is compromised, the set of tokens exposed through that key is then smaller than it would otherwise be, and you also reduce the probability of a secret being broken.
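The two practices described above, a short expiry on every token and a rotating signing secret, can be exercised together in the following Python sketch. This is an added example, not code from the DZone article: it implements HS256 signing and verification with the standard library only, keeps a key ring that publishes the current key id in the JWT `kid` header, still accepts the previous secret for verification during an overlap window so that rotation does not invalidate live tokens, and rejects tokens that are expired, tampered with, signed with an unexpected algorithm, or signed with a secret that has already been retired. The `KeyRing`, `sign` and `verify` names, the key ids and the secrets are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class KeyRing:
    """Current signing secret plus a bounded set of retired secrets that are
    still accepted for verification, so rotation does not break live tokens.
    (Hypothetical helper written for this example.)"""

    def __init__(self, kid: str, secret: bytes, max_retired: int = 1):
        self.current_kid = kid
        self.secrets = {kid: secret}
        self.retired = []            # retired key ids, oldest first
        self.max_retired = max_retired

    def rotate(self, new_kid: str, new_secret: bytes) -> None:
        """Make new_secret the signing key; the previous key becomes verify-only
        until it falls off the end of the retired list and is forgotten."""
        self.retired.append(self.current_kid)
        self.current_kid = new_kid
        self.secrets[new_kid] = new_secret
        while len(self.retired) > self.max_retired:
            del self.secrets[self.retired.pop(0)]

    def secret_for(self, kid):
        return self.secrets.get(kid)


def _encode_json(obj) -> str:
    return b64url(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def sign(ring: KeyRing, claims: dict, ttl_seconds: int, now=None) -> str:
    """Mint an HS256 JWT with iat/exp claims under the ring's current key."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT", "kid": ring.current_kid}
    payload = dict(claims, iat=now, exp=now + ttl_seconds)
    signing_input = _encode_json(header) + "." + _encode_json(payload)
    mac = hmac.new(ring.secret_for(ring.current_kid), signing_input.encode(), hashlib.sha256)
    return signing_input + "." + b64url(mac.digest())


def verify(ring: KeyRing, token: str, now=None):
    """Return (True, claims) or (False, reason). The signature is checked before
    any claim is trusted, and only the expected algorithm is accepted."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed"
    h64, p64, s64 = parts
    try:
        header = json.loads(b64url_decode(h64))
        signature = b64url_decode(s64)
    except (ValueError, TypeError):
        return False, "malformed"
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False, "unexpected alg"       # blocks "none" and algorithm confusion
    secret = ring.secret_for(header.get("kid"))
    if secret is None:
        return False, "unknown kid"          # retired, or never issued by us
    expected = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"
    claims = json.loads(b64url_decode(p64))
    if now >= claims.get("exp", 0):
        return False, "expired"
    return True, claims


if __name__ == "__main__":
    ring = KeyRing("2024-01", b"first-secret")        # constructed sample secret
    tok = sign(ring, {"sub": "alice"}, ttl_seconds=300)
    print(verify(ring, tok))                          # (True, {...})
    ring.rotate("2024-02", b"second-secret")
    print(verify(ring, tok))                          # still valid via the retired key
    ring.rotate("2024-03", b"third-secret")
    print(verify(ring, tok))                          # (False, 'unknown kid')
```

The overlap window is the important design choice: `max_retired` bounds how many old secrets a verifier will still honour, so it should be set so that the oldest retired key outlives the longest token TTL and nothing longer; a secret that is suspected to be compromised is simply removed from the ring, which turns every token it signed into an "unknown kid" rejection at once.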

Read the full article on DZone.
