-
JWT.io - Just go use thier debugger until you fully understand how simple JWTs are.
-
Dr Philippe De Ryck has lot of great stuff around JWT Security. A few good examples are:
- The hard parts of JWT security nobody talks about and video presentation.
- 7 Ways to Avoid JWT Security Pitfalls - which is probably easier to read than the Best Practices I dumped here, and was the inspiration to create this repository.
- And a presentation about The impact of XSS on OAuth 2.0 in SPAs (YouTube)
-
auth0 has a JWT Handbook (email required), and it mostly has the same information presented here.
-
As linked in the Attack Playbook page, the JWT_Tool is a great resource.