What dangerous behavior does the JWT alg: none attack rely on?
alg none: if a verifier honors a header whose alg is set to none, it skips signature checking entirely, so an attacker can forge tokens with no signature at all. Verifiers must enforce an expected algorithm (an allowlist) and never let the token specify which one to use.
Why is putting sensitive data in a JWT payload a mistake?
Readable payload: a standard signed JWT (JWS) protects integrity, not confidentiality. The claims are merely base64url-encoded and trivially decoded, so never store secrets there unless using encrypted JWE.
Why is token revocation hard with stateless JWTs?
Revocation challenge: because verification is stateless, there is no built-in way to invalidate an issued token early. Mitigations include short expiry plus refresh tokens, or a server-side denylist (which reintroduces state).
What is the key confusion (RS256 to HS256) attack?
Algorithm confusion: if the server verifies with an RSA public key but a flawed verifier accepts the header's HS256 and uses that same public key bytes as the HMAC secret, an attacker who knows the public key can mint valid HS256-signed tokens. Pin the expected algorithm (and key type) on the verifier side to prevent this.
Why should JWTs have a short exp (expiration)?
Short expiry: because you cannot easily revoke a JWT, keeping its lifetime short limits the damage from theft. A separate refresh-token flow issues new short-lived access tokens.