Tag Archives: JWT

It’s that time of year… when people think about exchanging JWT for opaque tokens

Yes, it’s that time of year when people think about RFC7523, which describes how to exchange JWT for opaque OAuth tokens. Right? If you’re like me, the waves of acronyms, jargon, and IETF RFCs (see what I did there?) seem to never end. OAuth, JWT, RFC 7523, JTI, … Continue reading »


Developer , , , ,

Google Guava – sweet and succulent

I have a bit of java code that handles JWT. It generates a MACVerifier and then uses that to verify a signature. Someone commented that it was taking more time than they expected. I didn’t see a ton of opportunity for optimization, but I thought I might wrap … Continue reading »


Developer , , ,

Webinar on OpenID Connect and JWT in Apigee Edge, featuring yours truly

Here’s the replay of the Webinar, on OpenID Connect and JWT that I did with Vinit Mehta a week ago or so. It’s about 45 minutes long. If you have questions, you can post them to The Apigee Community


Developer , ,

I don’t see the point in Revoking or Blacklisting JWT

I heard someone asking today for support for Revocation of JWT, and I thought about it a little, and decided I don’t see the point. Specifically, I don’t see the point of the process described in this post regarding “Blacklisting JWT in express-jwt“. I believe that it’s possible … Continue reading »


Architecture , ,