Tanzu Tuesdays

See live demos of modern application development technologies.

Self-signed JWTs: Dos and Don'ts with Josh Cummings

Watch on Twitch
12:00 PM PDT on Tuesday, Jul 13, 2021

In this episode

If you are securing a REST API with JWTs, chances are you either (1) use an authorization server or (2) have read countless variations on how a REST API can mint its own JWTs. Is this a good idea? If so, how should you go about doing it? In this talk, we’ll start with an unsecured REST API and review the trade-offs of having it use self-signed JWTs. By the end, you’ll have a better idea of whether this is an option for you.


Josh Cummings

Josh loves to code, and his kids love to code, too! Since the early days with a TRS-80 from Radio Shack, he’s loved building whatever came to mind. These days, he contributes full-time to the Spring Security codebase. He is also the author of a handful of Pluralsight courses about web application security in Java, which all feature Terracotta Bank, an open source, intentionally vulnerable web application that helps engineers practice ethical hacking as well as secure coding in Java.


Tiffany Jernigan

Tiffany is a senior developer advocate at VMware and is focused on Kubernetes. She previously worked as a software developer and developer advocate (nerd whisperer) for containers at Amazon. She also formerly worked at Docker and Intel. Prior to that, she graduated from Georgia Tech with a degree in electrical engineering. In her free time she likes to spend time with her fiancé, family, and friends, as well as dabble in photography. You can find her on Twitter @tiffanyfayj.