by tracker1
3386 days ago
For a recent service I wrote, it requires the JWT to expire in less than a minute, which would at least minimize replay attacks, and it's entirely possible to do something similar. Though client certs are definitely safer all around, they're more involved to spread around to apps talking to each other, though.
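A sketch of the sub-minute expiry policy the comment describes, as an added example that is not the commenter's code: a verifier that rejects any HS256 token whose `exp - iat` window is a minute or longer, in addition to rejecting expired ones. The function names, the 5-second clock-skew allowance and the demo key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

MAX_LIFETIME = 60  # seconds: the "less than a minute" policy from the comment
LEEWAY = 5         # assumed clock-skew allowance for iat, not from the comment

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(key, claims):
    """Hypothetical helper: mint an HS256 token so the demo is self-contained."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verify_short_lived(token, key, now=None):
    """Return the claims, or raise ValueError if the token breaks the policy."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64d(head_b64))
        sig = _b64d(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm instead of trusting whatever the header asks for.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(_b64d(body_b64))  # parsed only after the signature checks out
    iat, exp = (claims.get("iat"), claims.get("exp")) if isinstance(claims, dict) else (None, None)
    if not all(isinstance(v, (int, float)) for v in (iat, exp)):
        raise ValueError("iat and exp are required")
    # The issuer must not hand out a window of a minute or more, even if unexpired.
    if not 0 < exp - iat < MAX_LIFETIME:
        raise ValueError("lifetime exceeds policy")
    if iat > now + LEEWAY:
        raise ValueError("issued in the future")
    if now >= exp:
        raise ValueError("expired")
    return claims
```

A captured token remains replayable until `exp`, so this narrows the replay window rather than closing it.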