+ Concise, to the point and well demoed.
- Video looks like a CamRip. Why not directly stream the speaker's screen instead?
Can we have access to the 4-hour version?
Awesome, it's really informative, thank you very much...
Can anyone tell me the link for the 4-hour version of this?
Doubt the 4-hour version was actually presented. Just presentation banter.
I don't understand. At 38:20 the speaker says: "To get the public key that's used to sign my token". Don't we usually sign with a private key and validate the signature with a public key?
Also, this public key is supposed to be deposited on the microsec-order-service running on port 8085 (see 33:39), but the speaker finds it on port 8080 (see 38:45). I'm lost. Can anyone explain please?
Same here. It should be a private key but when he said it can be accessed... I got lost :)
Where can I get the GitHub URL of the demo app?
Great video
Can anyone help me with how to implement authentication and authorization between microservices using JWT?
Can you please publish the SlideShare link for this presentation here?
qconsf.com/system/files/presentation-slides/qconsf_2016microservices_security.pptx
Can you please share the code link?
Thanks for the video. Personal tip: stop tinkering with the camera while the video plays; it's very distracting!
Do not ever use JWT, ever period ever.
It's an utterly pointless mechanism which is either utterly insecure or it's just a session identifier wrapped in a buttload of crap that isn't needed nor does it provide any security.
Why is JWT insecure? Thanks