[Bug 1219688] AUDIT-0: agama: agama web server
https://bugzilla.suse.com/show_bug.cgi?id=1219688
https://bugzilla.suse.com/show_bug.cgi?id=1219688#c5

Paolo Perego <paolo.perego@suse.com> changed:

           What    |Removed |Added
----------------------------------------------------------------------------
                 CC|        |paolo.perego@suse.com

--- Comment #5 from Paolo Perego <paolo.perego@suse.com> ---
Hi everybody. Just some random inputs for JWT.

Please make sure to sign or encrypt the token with JWT-specific facilities, transferring it only over HTTPS, and if you store it in a cookie, to set it as HttpOnly and Secure.

There is also an OWASP-provided cheatsheet for JWT tokens you can find here:
https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat...

Another point of attention is for digital certificates. Please make sure to let the client validate the certificate when doing HTTPS calls.

However I didn't understand the scenario... both client and server will run on the same host, correct?
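As an added illustration of the two recommendations in the comment above (not code from Agama or from the commenter): a minimal HS256 JWT issue/verify pair that pins the algorithm server-side and rejects unsigned or tampered tokens, plus the Set-Cookie attributes that keep the token away from scripts and off plaintext HTTP. The secret and the cookie name "session" are constructed for the demo; Python's standard library is used in place of a JWT library.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo secret; a real server loads it from protected storage.
SECRET = b"demo-secret-not-for-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(claims: dict, secret: bytes = SECRET) -> str:
    """Sign the claims as an HS256 JWT (header.payload.signature)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_token(token: str, secret: bytes = SECRET) -> Optional[dict]:
    """Return the claims only for a well-formed HS256 token with a valid MAC.

    The expected algorithm is fixed by the server; the 'alg' field in the
    token is checked against it, never used to choose the verification
    method, so 'none' and algorithm-confusion tokens are refused."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
    except (ValueError, json.JSONDecodeError):
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return None  # tampered payload or wrong key
    return json.loads(_b64url_decode(payload_b64))


def session_cookie(token: str) -> str:
    """Set-Cookie value: no script access, HTTPS only, no cross-site sends."""
    return f"session={token}; Path=/; HttpOnly; Secure; SameSite=Strict"
```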