David Min – WindowsTechs.com

X.509 certificate’s signature algorithm vs. algorithm used in key derived from it to verify a signature

Posted on October 27, 2021 by David Min

I have the following from Google’s public certs for verifying JWT ID
—–BEGIN CERTIFICATE—–
MIIDHDCCAgSgAwIBAgIIW4K0b18ff70wDQYJKoZIhvcNAQEFBQAwMTEvMC0GA1UE
AxMmc2VjdXJldG9rZW4uc3lzdGVtLmdzZXJ2aWNlYWNjb3VudC5jb20wHhcNMjEx
MDIzMDkyMDI1… Continue reading X.509 certificate’s signature algorithm vs. algorithm used in key derived from it to verify a signature→

HMAC hashing vs JWTs for stateless authentication

Posted on October 24, 2021 by David Min

For simple authentication with backend services, without more sophisticated needs (e.g. roles and scopes), is there any security benefit in using JWTs instead of sending HMAC hashes to verify a payload?
HMAC:

Client generates a timestamp … Continue reading HMAC hashing vs JWTs for stateless authentication→

How to architect cross-device sign-in

Posted on July 27, 2021 by David Min

Taking Microsoft Authenticator for Microsoft accounts and WhatsApp Web as examples:

Both allow one device to request authentication, and another one to receive the authentication success. How are these implemented at a high level?
My use … Continue reading How to architect cross-device sign-in→