# What is Cybersecurity? (An anecdote about a JSON Web Token.)

"Is a web app secure just because I use a JWT?"

That is a question I had when I first learned about them.

## Learning is important.

I was impressed with how well designed JWT, OIDC, SAML, and modern Identity Provider (IdP) solutions were. The quality of the design I read about in the Request for Comments (RFCs) was impressive. Yet even after reading the RFCs and watching tutorials, something was still nagging at me.

## Test assumptions and concerns.

One day I decided to log into one web application and copied the JWT using the Chrome developer tools.

I went to another web application and opened the Chrome developer tools. I added the other site's JWT token and refreshed the page.

## A surprise outcome.

I logged in!

I had an active login, but there were multiple errors and missing data within the different views.

After some investigation, I realized the APIs validated the JWTs, but the web application client did not.
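
The kind of check the client skipped, as an added example (not code from the original post or from either application): verify the signature, then confirm the token was issued by the expected IdP for this application and has not expired. It assumes RS256 and Node's `crypto` module; the key pairs, issuer URL and audience names are constructed for the demo.

```javascript
// Added example; keys, issuer and audience names below are constructed.
const nodeCrypto = require("node:crypto");
const b64url = (data) => Buffer.from(data).toString("base64url");

// Helper standing in for the IdP: mint an RS256-signed token.
function signJwt(claims, privateKey) {
  const head = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(claims));
  const sig = nodeCrypto.sign("RSA-SHA256", Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64url(sig)}`;
}

// Accept a token only if it is signed by the expected key, was issued by
// the expected IdP for this application, and has not expired.
function validateJwt(token, { publicKey, issuer, audience, now = Date.now() / 1000 }) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, "base64url").toString());
    claims = JSON.parse(Buffer.from(body, "base64url").toString());
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm; never let the token header choose it.
  if (header?.alg !== "RS256") return { ok: false, reason: "bad alg" };
  const signed = Buffer.from(`${head}.${body}`);
  const sigOk = nodeCrypto.verify("RSA-SHA256", signed, publicKey, Buffer.from(sig, "base64url"));
  if (!sigOk) return { ok: false, reason: "bad signature" };
  if (!issuer || claims?.iss !== issuer) return { ok: false, reason: "wrong issuer" };
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) return { ok: false, reason: "wrong audience" };
  if (typeof claims.exp !== "number" || claims.exp <= now) return { ok: false, reason: "expired" };
  return { ok: true, claims };
}

// Constructed scenario: "app-b" receives its own token, a token the same
// IdP issued for "app-a", and a token signed by an unrelated site's key.
function demo() {
  const idp = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const otherSite = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const base = { iss: "https://idp.example", sub: "user-1", exp: Math.floor(Date.now() / 1000) + 300 };
  const expected = { publicKey: idp.publicKey, issuer: "https://idp.example", audience: "app-b" };
  return {
    own: validateJwt(signJwt({ ...base, aud: "app-b" }, idp.privateKey), expected),
    otherApp: validateJwt(signJwt({ ...base, aud: "app-a" }, idp.privateKey), expected),
    otherSite: validateJwt(signJwt({ ...base, aud: "app-b" }, otherSite.privateKey), expected),
  };
}
```
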

## What is cybersecurity?

Even well-designed solutions and technologies require secure implementation.

When something is nagging at us, or we suspect a potential flaw, we should take the time to investigate and test it.


<hr>

*Originally published on [Patreon](https://www.patreon.com/posts/51565746)*

*Photo by [ZSun Fu](https://unsplash.com/@zisun_word) on [Unsplash](https://unsplash.com)*
