JWT Starter Pack

This is a reference to a list of gathered articles while studying about security vulnerabilities of JWT.

If you are already using JWT

Here’s what not to do:

• Stop using JWT for sessions
• Stop using JWT for sessions, part 2: Why your solution doesn’t work

Storing in cookies? Ensure protection against CSRF:

• What’s CSRF? - Cheatsheet
• StackOverflow answer

New to JWT

• JWT Best Practices — A zero-to-hero guide