Blog Security Research Analyzing Broken User Authentication Threats to JSON Web Tokens Nitzan Namer is a Security Researcher at Akamai. Executive summary \r\n Akamai researchers have analyzed JSON web tokens (JWTs) as a vector for broken user authentication attacks, which is in the Open Web Application Security Project (OWASP) API Security Top 10 , and uncovered different scenarios in which JWT threats and trends occur.  \r\n \r\n JWTs are responsible for securing APIs by issuing tokens (usually between clients and servers) to securely verify users. These tokens are one of the most common verification formats used and they contain information to be shared in the form of JSON objects.   \r\n \r\n Although each token isn’t encrypted, it is encoded and has a verification signature.…