📚 Tom's Notes

Search

❯

InfoSec - Tokens vs basic auth vs random keys

InfoSec - Tokens vs basic auth vs random keys

Jan 22, 20251 min read

infosec
web
dev

Cookies and tokens

https://tommihovi.com/2024/05/demystifying-cookies-and-tokens/

Spectacular article on pros and cons of all options

Random keys in DB
Basic auth
OAuth2.0
JWT
Macaroons
Biscuits
… https://fly.io/blog/api-tokens-a-tedious-survey/

Improved format for auth tokens

https://github.blog/engineering/platform-security/behind-githubs-new-authentication-token-formats/

If implementing JWT, best practices

https://datatracker.ietf.org/doc/html/rfc8725.html

https://www.appsecvillage.com/events/dc-2023/jwt-parkour-476657

JWT vulnerabilities

https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf

Graph View

Cookies and tokens
Spectacular article on pros and cons of all options
Improved format for auth tokens
If implementing JWT, best practices
JWT vulnerabilities

Backlinks

No backlinks found

Created with Quartz v4.2.3 © 2025

GitHub
Discord Community