Explore Using JWTs for CSRF and Microservices

Motorcycle Fun Fact: Did you know that if you want to negotiate a right curve on a motorcycle, you start by nudging the handlebars to the left? This is called countersteering. The initial push to the left causes the motorcycle to lean to the right.

Last year, Micah Silverman embarked upon a Java Roadstorm on behalf of Stormpath. He toured a solid chunk of the eastern seaboard of the US on his motorcycle, visiting local Java user groups and talking about how to use JWTs to secure customer identity via two code examples: CSRF and microservices. You can check out his online travel log and read more about his journey, or you can watch the talk (below) which he recently presented at CactusCon on behalf of Okta.

In the first code example, Micah shares how he replaces the standard Spring Security CSRF (cross-site request forgery) token mitigation with a JWT version. The second is a basic microservices example that demonstrates how to establish trust between two microservices using JWTs.
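As an added illustration of the idea behind the first example (this is not Micah's code from the talk or the repository, and it does not use Spring Security): a CSRF token issued as an HS256 JWT with a short expiry, so the server can check integrity and freshness from the token itself. The class name, the claims chosen and the 30-second lifetime are assumptions; the verifier always computes HMAC-SHA256 and never trusts the header's `alg` field.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.regex.*;

public class JwtCsrfDemo { // hypothetical class name, JDK-only
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static final Pattern EXP = Pattern.compile("\"exp\":(\\d+)");

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }

    // Issue a compact HS256 JWT carrying a random id (jti) and an expiry (exp, epoch seconds).
    static String issue(byte[] key, long nowSec, long ttlSec) throws Exception {
        String header = ENC.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String claims = "{\"jti\":\"" + java.util.UUID.randomUUID() + "\",\"exp\":" + (nowSec + ttlSec) + "}";
        String signingInput = header + "." + ENC.encodeToString(claims.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + ENC.encodeToString(hmac(key, signingInput));
    }

    // Accept only if the signature verifies (constant-time compare) and exp is still in the future.
    static boolean verify(byte[] key, String token, long nowSec) {
        try {
            String[] p = token.split("\\.", -1);
            if (p.length != 3) return false;
            byte[] expected = hmac(key, p[0] + "." + p[1]);
            if (!MessageDigest.isEqual(expected, DEC.decode(p[2]))) return false;
            Matcher m = EXP.matcher(new String(DEC.decode(p[1]), StandardCharsets.UTF_8));
            return m.find() && Long.parseLong(m.group(1)) > nowSec;
        } catch (Exception e) {
            return false; // malformed Base64, oversized number, and similar input errors
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key); // constructed demo key, generated per run
        long now = System.currentTimeMillis() / 1000;
        String t = issue(key, now, 30);
        System.out.println("fresh:    " + verify(key, t, now));
        System.out.println("expired:  " + verify(key, t, now + 31));
        System.out.println("tampered: " + verify(key, t.replaceFirst("\\.", ".A"), now));
    }
}
```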

  • You can find Micah’s slides on Speaker Deck: https://speakerdeck.com/dogeared/jwts-for-csrf-and-microservices

  • You can also find the code examples that back this talk on GitHub: https://github.com/dogeared/JavaRoadStorm_CactusCon_2017

  • And finally, check out our developer blog for more awesome Java content like this: https://developer.okta.com/blog/