Menu
I was going through the JWT auth. It looks pretty good. However I have a question that is the JWT authentication prone to Man in the Middle attack ? Can someone get this token while it is being sent. If so, then with the token and a fake request(obviously with a correct url) the data can be fetched ?
Is this even a valid scenario ?
Any views are appreciated
709
JWT without https is prone to man in the middle attack, You should use it with https protocol to minimize the risk.
You can make it even more secure by adding IP address of client as a private claim to JWT token and validate that as well.
68
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
