by andreareina
2315 days ago
JWT allows for the tokens to be signed using any of several algorithms, including none[1]. Pinning would restrict this to preferably just one, but at the very least should not allow unauthenticated tokens.

[1] https://tools.ietf.org/html/rfc7518#section-3