JSON Web Tokens (JWTs) are a popular option in the authentication space, but there are some inherent risks. While you gain flexibility by using a JWT, you lose the ability to revoke a token once it’s issued. To minimize the time between an administrator locking a user account and the time at which a previously issued token expires, the JWT should be short-lived. This time window, while designed to be brief, is a common security concern. Traditional solutions to this problem defeat the benefits of using a portable identity. Inversoft has come up with a novel, complementary way to solve this issue. Brian Pontarelli will cover how to implement this JWT revoke strategy to reduce the vulnerability window.
Join Brian Pontarelli in this live coding event on Jul 27, 2017 2:00 PM, Eastern Time (US and Canada). Brian Pontarelli is the CEO of Inversoft, a Denver-based company that allows developers to offload their authentication, authorization and user management needs. Before Brian bootstrapped Inversoft, he studied computer engineering at the University of Colorado Boulder. After graduating, he worked at a variety of companies including Orbitz, US Freightways, XOR and Texturemedia.
EDITED on August 1, 2017:
Missed the live coding event? See the replay here: https://developer.ibm.com/tv/learn-how-to-revoke-json-web-tokens/