Split Token Flow: A solution to the security problem of the JWT

OAuth 2.0, OpenID Connect, and the JWT that both commonly rely on have been industry standards for many years, with no sign of slowing down. On the contrary, the OAuth specifications continue to be iteratively extended, and profiles built on them underpin Open Banking and FHIR-based healthcare APIs.

All that to say, we should expect the OAuth flow to continue to reign supreme.

An OAuth access token comes in one of two forms: opaque (a random reference that the resource server must look up or introspect) or a JWT (more precisely a JWS, a token that is signed but not encrypted). The problem with the JWT form is that it is inherently leaky: its header and payload are only base64url-encoded, so anyone who gets hold of the token can read every claim in it without the signing key. Signature verification proves who issued the token; it does nothing to keep the contents private. There is a massive debate amongst the community…
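To make the leakiness concrete, here is an added example (not code from the article or its author) that builds an HS256-signed JWS over constructed sample claims with a constructed, non-production key, then shows that the claims can be read back by anyone holding the token without that key, while only the key holder can verify the signature. An opaque token from the same helper carries nothing readable. All names, claim values and the key are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets


def b64url_encode(raw: bytes) -> str:
    # JWS uses unpadded base64url (RFC 7515, appendix C).
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore the padding that JWS strips before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_hs256_jws(claims: dict, key: bytes) -> str:
    """Issue a compact-serialised JWS: header.payload.signature (toy issuer)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def read_claims_without_key(token: str) -> dict:
    """What any holder of the token can do: decode the payload, no key, no check."""
    _header, payload, _sig = token.split(".")
    return json.loads(b64url_decode(payload))


def verify_hs256(token: str, key: bytes) -> bool:
    """What only the key holder can do: confirm the issuer's signature."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # never trust the token to pick the algorithm
        return False
    expected = hmac.new(
        key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256
    ).digest()
    return hmac.compare_digest(expected, b64url_decode(sig_b64))


def make_opaque_token() -> str:
    """A reference token: random bytes, meaningful only to the issuer's store."""
    return secrets.token_urlsafe(32)


# Constructed sample data; the key is an assumption for this example only.
SIGNING_KEY = b"example-key-not-for-production"
SAMPLE_CLAIMS = {
    "sub": "user-123",
    "email": "jane@example.com",
    "tenant": "acme",
    "scope": "accounts:read payments:write",
    "exp": 1900000000,
}

if __name__ == "__main__":
    jwt = make_hs256_jws(SAMPLE_CLAIMS, SIGNING_KEY)
    print("JWT:", jwt)
    print("claims readable without key:", read_claims_without_key(jwt))
    print("verifies with issuer key:", verify_hs256(jwt, SIGNING_KEY))
    print("verifies with wrong key:", verify_hs256(jwt, b"attacker-guess"))
    print("opaque token reveals:", make_opaque_token())
```

The point the block demonstrates is the asymmetry: `read_claims_without_key` needs no secret at all, so a JWT leaked through a log line, a browser history entry or a compromised client exposes the email, tenant and scopes to whoever finds it, whereas the opaque token exposes only random bytes that are useless without the issuer's lookup.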

Sedky Abou-Shamalah
