EuroPython 2022 - Let's talk about JWT - presented by Jessica Temporal [Wicklow Hall 1 on 2022-07-14] JSON Web tokens dominated the way we give access to APIs and how we carry data from users, but to use JWTs safely we need to understand how they came to life and how JWTs can be useful. In this talk we will take a closer look at the famous three-part structure that forms a JSON Web Token, and the claims each JWT can carry. But knowing it’s history and structure is not enough, we need also to understand the algorithms used in creating a token and how you can use JWTs as access tokens or as ID tokens. After understanding JWTs on a deeper level, we will create and validate a JWT together using the PyJWT library and discuss things you should avoid doing to be safer when using JWTs in your projects. 1. How did JWT come to life? Talk about the JOSE specification; 2. What actually is a JSON Web Token and its structure: header, payload, and signature; 3. What is a claim and its standardization efforts; 4. The different types of algorithms that can be used to create JWTs and what is JWKs; 5. Let's create a token together using PyJWT; 6. What is an access token and an ID token; 7. Things to avoid to be safer with JWTs This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License http://creativecommons.org/licenses/by-nc-sa/4.0/