JSON Web Token vulnerabilities and their Mitigation

Graduate Thesis uoadl:3267080

Unit:
Department of Informatics and Telecommunications
Informatics
Deposit date:
2023-02-16
Year:
2023
Author:
FLOKOS STEFANOS
Supervisors info:
Dr. Ioannis Chamodrakas (Δρ. Ιωάννης Χαμόδρακας), Laboratory Teaching Staff (ΕΔΙΠ), Department of Informatics and Telecommunications, National and Kapodistrian University of Athens
Original Title:
JSON Web Token vulnerabilities and their Mitigation
Languages:
English
Translated title:
JSON Web Token vulnerabilities and their Mitigation
Summary:
In modern web applications, and especially in single-page applications, the most common way to authenticate a user is the open standard JSON Web Token (JWT), because of its ease of use combined with the increased security it offers compared to other authentication practices. However, using it does not by itself make an application invulnerable to security threats: there are subtle points which, without proper understanding or with an incorrect implementation, can lead to significant security gaps. Even though there are many frameworks and standards that provide a very secure authorization and authentication environment (such as OAuth, OpenID Connect and SAML), there are cases where developers and businesses prefer a custom, low-level implementation built from scratch. This research aims to analyze the strong and weak points of JWT and then present comprehensive ways to integrate them into web applications while eliminating the vulnerabilities that arise. Finally, a thorough description of the functionality is presented to illustrate how and why the implementation addresses the aforementioned security gaps.
Main subject category:
Technology - Computer science
Keywords:
Access Token, Refresh Token, JWT Revocation, Service Worker JWT Authentication
Index:
Yes
Number of index pages:
3
Contains images:
Yes
Number of references:
21
Number of pages:
36
JSON_Web_Token_vulnerabilities_and_their_Mitigation.pdf (1 MB)