Hacking JSON Web Tokens
This lesson discusses the various ways in which an attacker can hack a JWT.
At this point, we have discussed the ins and outs of JWTs. We have seen how they are generated and validated, and how their keys are managed. We have also discussed what would happen if an attacker stole our JWT. But there is one thing that we have not discussed yet: is it possible for an attacker to create a JWT (without knowing your secret key or private key) and make you believe that it is a valid token?
In other words, is it possible for an attacker to change the data within a token, and have it still be validated by our server? Unfortunately, there are some ways through which an attacker can do ...