I am creating JWT token by using username and password, it will get the JWT token as expected, But my one of the use case will create JWT token based on specific IP address. Let me know anyone has ideas to resolve this one?
Asked
Active
Viewed 1,021 times
0
-
why are you would like to use IP address? IP addresses will change a lot! A typical home user will have their IP changed once in a while, most people get dynamic IP allocation from their internet providers – Ismoil Shifoev Jan 02 '19 at 06:38
-
yes correct, In my use case for specific organisation will allow ip address based jwt authentication, Instead of creating the username, pwd for all members of organisation, just use global ip based jwt authenctications. – Elangovan Jan 02 '19 at 06:41
-
Why don't you just add a `Claim` named IP or something in the token? – Luke Vo Jul 29 '19 at 14:28
2 Answers
0
It works when each user has a static IP address. You can create a JWT with that IP and assign it to each user and later accept requests which have correct JWT. You should be aware of some attacks like IP spoofing. There are some methods like SSO which can be a better option for organization authentication/authorization.
Ehsan Mashhadi
- 2,568
- 1
- 19
- 30
0
You can check this page JWT Data Validation. Pay attention to JWT_CREATED and JWT_DECODED events, I think it's just what are you looking for.
Mihai Druta
- 21
- 5