What happens first in a request having both CSRF Token and JWT token, authentication or authorization?

This question came across my mind when I sent an AJAX request from HTML to a backend Django server and forgot to add a CSRF token to the request payload and received this error.

403 error means that the request was unauthorized.
I know th…

How is client side JWT signature validation beneficial from a security perspective?

I’ve been reading about how clients can verify JWT signatures using a public key provided by the server. I’m struggling to understand how this solves any issues.
The only attack I’ve seen which this claims to solve is when a reverse proxy …

Will a verified JWT token always ensure that user is authenticated when signed by an authentication server?

Prerequisites
I have a client application (CA), an authentication server (AS) and a resource server (RS).
The resources on the RS must be accessed and usable only by authenticated users who have the authorization to do so.
The AS and RS …