JWT security is a common topic in interviews. Here are the main security risks and protection measures for JWT:
Major Security Risks
1. Algorithm Confusion Attack
Attackers change the signing algorithm from asymmetric (like RS256) to symmetric (like HS256) and use the public key as the secret to forge signatures.
Protection Measures:
- Strictly verify the signing algorithm, don't allow clients to specify the algorithm
- Fix the use of secure signing algorithms on the server side
- Reject the use of
nonealgorithm
2. Token Leakage
JWT is stored on the client side and can be stolen through XSS attacks.
Protection Measures:
- Use HttpOnly Cookie to store JWT, preventing JavaScript access
- Set SameSite attribute to Strict or Lax to prevent CSRF attacks
- Use HTTPS for transmission to prevent man-in-the-middle attacks
- Set short expiration times and implement Token refresh mechanism
3. Payload Information Leakage
JWT's Payload is only Base64 encoded, not encrypted, and anyone can decode and view it.
Protection Measures:
- Don't store sensitive information in Payload (like passwords, ID numbers)
- Only store necessary user identification information
- Use JWE (JSON Web Encryption) if sensitive data needs to be transmitted
4. Token Cannot Be Actively Revoked
Once JWT is issued, it cannot be actively revoked before expiration.
Protection Measures:
- Set reasonable expiration times (typically 15-30 minutes)
- Implement Token blacklist mechanism (using Redis storage)
- Use Refresh Token mechanism: short-term Access Token + long-term Refresh Token
- Perform secondary verification for critical operations
5. Replay Attack
Attackers intercept valid JWTs and reuse them.
Protection Measures:
- Use jti (JWT ID) claim, each Token is unique
- Implement blacklist of used Tokens
- Add nonce or timestamp verification
Security Best Practices
1. Signature Algorithm Selection
- HS256: HMAC SHA256, symmetric encryption, complex key management
- RS256: RSA SHA256, asymmetric encryption, more secure, recommended
- ES256: ECDSA SHA256, better performance, shorter signature
- Avoid using:
nonealgorithm, weak algorithms (HS1, HS512)
2. Key Management
- Use sufficiently strong keys (at least 256 bits)
- Regularly rotate keys
- Store keys in secure places (environment variables, key management services)
- Don't hardcode keys in code
3. Token Configuration
{ "iss": "your-domain.com", // Issuer "sub": "user-id", // Subject "aud": "your-api", // Audience "exp": 1516239022, // Expiration time "nbf": 1516239022, // Not before "iat": 1516239022, // Issued at "jti": "unique-token-id" // JWT ID }
4. Transmission Security
- Always use HTTPS
- Pass in Authorization Header:
Bearer <token> - Don't pass JWT in URL
5. Storage Security
- Prefer HttpOnly Cookie
- If using LocalStorage, ensure XSS protection
- Implement automatic Token refresh mechanism
6. Monitoring and Auditing
- Log Token issuance, verification, and refresh operations
- Monitor abnormal Token usage patterns
- Implement rate limiting to prevent brute force attacks
Security Checklist
- Use strong signing algorithms (RS256 or ES256)
- Set reasonable expiration times
- Use HTTPS for transmission
- Don't store sensitive information in Payload
- Implement Token refresh mechanism
- Add jti claim to prevent replay
- Use HttpOnly Cookie for storage
- Implement Token blacklist
- Secure key storage and regular rotation
- Monitoring and logging
By implementing these measures, JWT security can be significantly improved.