kro | 9 months ago

There is a jti claim that can be used for storing a token ID, so you could enforce tracking all issued tokens server side.

Cracking 256-bit by brute force is unrealistically unlikely as you said, and there are many systems that could be compromised by that compute, an isolated JWT sig seems like just a very specific example.

A nice benefit of JWT for me is that it can be asymm signed and verified (ID tokens).

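The server-side `jti` tracking mentioned in the comment above, shown as an added example that is not part of the original comment: an HS256 token is accepted only if its signature verifies and its `jti` is still in the issued set, so deleting the `jti` revokes the token before `exp`. The function names and the in-memory `ISSUED` dict (standing in for a database table) are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # 256-bit HMAC key, generated per run (constructed)
ISSUED = {}                       # jti -> exp; stands in for a server-side table

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64e(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(sub: str, ttl: int = 300) -> str:
    """Mint an HS256 token and record its jti server side."""
    now = int(time.time())
    claims = {"sub": sub, "iat": now, "exp": now + ttl,
              "jti": secrets.token_urlsafe(16)}
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    ISSUED[claims["jti"]] = claims["exp"]
    return f"{header}.{body}.{sign(header + '.' + body)}"

def revoke(jti: str) -> None:
    """Forget a token ID; any token carrying it is rejected from now on."""
    ISSUED.pop(jti, None)

def verify(token: str) -> dict:
    """Return the claims, or raise ValueError if the token must be rejected."""
    header, body, sig = token.split(".")  # wrong part count raises ValueError
    # The algorithm is pinned to HS256 here; the header's alg is never trusted.
    expected = sign(f"{header}.{body}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))       # parsed only after the MAC checks out
    if claims["exp"] <= time.time():
        raise ValueError("expired")
    if claims["jti"] not in ISSUED:
        raise ValueError("jti unknown or revoked")
    return claims
```

The lookup in `ISSUED` is the cost of this design: every verification now needs server-side state, which a purely signature-checked JWT avoids.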