Gain insights into JWT, OAuth2, and OpenID Connect. Learn about HTTPS, encryption, and handshake techniques, and explore foundational concepts in web API security for enhanced application protection.

Web application developers are always on the lookout for ways to secure their applications. It has become the most fundamental part of any web application considering the rise in the number of cyber-attacks. This course will be your handy guide to the basic terminologies and frameworks related to web application security.

 In this course, you will learn what JWT is, how a JWT is created, and what benefits it provides in token-based authentication. You will learn about why HTTPS was introduced and how it revolutionized the way data is transferred using techniques like encryption and handshake. You will also dive deep into the most commonly used authentication and authorization frameworks called OAuth and OpenId Connect. This course will give you a taste of what web API security is all about and will give you the foundation so you can further your learning of application security.

Web Security and Access Management: JWT, OAuth2 & OpenId Connect

So far, we have discussed how JWTs are a secure way of exchanging information authentication.

Although JWT is a robust mechanism, it is still prone to attacks. In this lesson, we will discuss what happens if a JWT is stolen. We will also discuss how a hacker can make changes in a token and mislead us in believing that it is a valid token.




# What would happen if JWT is stolen

If a hacker somehow gets access to our JWT, then there are two issues that we  face:


## 1. Hacker can view sensitive information available in the token

As we discussed earlier, a JWT string is just base64 encoding of the header, payload, and signature. If a hacker gets access to the token, then they can decode it and see the information within the token. Thus, it is advisable for the tokens to not contain any sensitive information like passwords.


## 2. The token can be used to access the application

If your JWT is stolen or compromised, then the attacker has full access to your account. The attacker can send requests to applications, pretending to be you, and can make potentially harmful changes. One good thing is that the tokens expire after some time, so the hacker will only be able to use the token for a limited amount of time.




In this lesson, we will discuss what happens when a JWT is stolen.

Getting started with Web Application Security

HTTPS Basics

JSON Web Token

OAuth

OpenID Connect

Conclusion

Stolen JWTs

What would happen if JWT is stolen

1. Hacker can view sensitive information available in the token