page without entering the secret key can be decoded

Asked Mar 20 '20 at 17:02

Active Mar 20 '20 at 17:02

Viewed 19 times

I am new to jwt, I am trying to generate a token with a secret key, and I pretend that it cannot be decoded without having entered the correct key. I am encoding as follows:

If I enter the page https://jwt.io/ I can decode it correctly without having entered the secret key. why? and how can i fix it?

jwt.sign({ foo: 'bar' }, privateKey, "secret_key", function(err, token) {
  console.log(token);
});

asked Mar 20 '20 at 17:02

yavg

2,761
7
45
115

The signing is for verifying the payload hasn't been tampered with, not encrypting the payload. See e.g. https://stackoverflow.com/q/34136770/3001761 – jonrsharpe Mar 20 '20 at 17:05
@jonrsharpe Thanks for answering, do you know of a good tutorial or something I can do to encrypt my data with a secret key? I don't understand then what the jwt secret key is for. – yavg Mar 20 '20 at 17:08

I am using a secret key to encrypt my token, but the https://jwt.io/ page without entering the secret key can be decoded

0 Answers0