Questions tagged [jose]

JOSE (Javascript Object Signing and Encryption) is a framework intended to provide a method to securely transfer claims (such as authorization information) between parties.

The JOSE framework provides a collection of specifications to serve this purpose. A JSON Web Token (JWT) contains claims that can be used to allow a system to apply access control to resources it owns.

One potential use case of the JWT is as the means of authentication and authorization for a system that exposes resources through an OAuth 2.0 model.

131 questions
0 votes, 1 answer

Decrypt and verify locally Play Integrity API Token using NodeJS

Google gives an option to locally extract the Play Integrity API token. An example in Java is even provided here. But many servers are Node.js based. So, how can I decrypt the Play Integrity API token locally with Node.js?
Nafis Abdullah Khan
0 votes, 1 answer

How to create a privateKey/publicKey pair of KeyObject return type and 256 bits length in Node.js?

How to create a privateKey/publicKey pair of KeyObject return type and 256 bits length in Node.js? I kindly ask you to provide a working example. I tried this one: const { generateKeyPair } = require('node:crypto'); generateKeyPair( 'rsa', { …
Gleb Gaiduk
0 votes, 1 answer

Why are two Node.js Buffers equal when the allocated strings are different?

I kindly ask you to help with the following. I'm trying to understand how the JOSE library works for JWE creating/validation in Node.js. To create a JWE I need a secret key in KeyObject or Uint8Array format. I have a secret string in my .env file and…
Gleb Gaiduk
0 votes, 1 answer

JWT signature for both Node.js and browsers

I want to authenticate Salesforce's OAuth 2.0 JWT Bearer Flow with both Node.js and the browser. I have created a public key and a private key on Windows with the following command. openssl req -x509 -sha256 -nodes -days 36500 -newkey rsa:2048 -keyout…
dyn-do
0 votes, 0 answers

Can you store a JOSE token in localStorage?

I was reading about JWTs and how you shouldn't store them in localStorage - it's insecure. But if it is encrypted with a server's private key, with the JOSE standard, can I store it in localStorage? Is that secure from XSS and other attacks that…
SamTheProgrammer
0 votes, 1 answer

Difference between JWK generated with different libraries

I am working on a migration from PHP to Java. While doing so, I encountered a JWK that is being generated with spomky-jose/JWKFactory (let's call that JWK-P), while for generating the JWK in Java, I am using the nimbus-jose-jwt library (let's call that…
Prakhar
0 votes, 1 answer

Unsupported JWS algorithm PS256, must be RS256, RS384, RS512, PS256, PS384 or PS512

I am trying to generate a JWS (using the nimbusds library) to be used as a request payload for a POST API. I have a private key and a set of PEM certificates to generate this JWS. I am trying the following steps: generated JWKs using RSA key pair and…
Prakhar
0 votes, 1 answer

Uploading python-jose to cloud run fails

So I've created this Flask-app which is going to serve as my backend for a custom app. To handle the creation of JWT-tokens, I've decided upon using an encrypted JWS (a JWS inside of a JWE). For this, I've chosen to use the python-jose package. I've…
0 votes, 1 answer

Create a NodeJS KeyObject from a string

How do I create a NodeJS Crypto KeyObject from the randomish string in my .env file? I was using jsonwebtoken to create/verify JWTs, but it can't run in nextjs middleware edge functions, so I want to migrate to using jose. The problem is that in…
TJBlackman
0 votes, 2 answers

Storing keys - Should I store private keys in PEM or JWK JSON format?

Which is more conventional? For cross-platform use, is it OK to store and use JWK in the JSON format? Do I need to encrypt them before storing them in a database?
Lee
0 votes, 0 answers

Verify JWT Token data with C#

I am trying to verify a JWT token signed with RSA256 in C#. The token was created on the server side in JavaScript with the JWT library called Jose-jwt. I am verifying the token in a WinForms app using C#'s System.Security.Cryptography namespace…
tutiplain
0 votes, 0 answers

How to protect a payload assuming we don't have SSL?

Say I want Bob to be able to send Alice a message using her public key over a curl -X POST http://$DOMAIN/... type endpoint. There are step by step instructions for this use case using "nacl" and step-cli's step crypto nacl box, however I am…
hendry
0 votes, 0 answers

How to add expire date and verify token in AsymmetricCipherKeyPair (jose-jwt and BouncyCastle) C#?

We use the https://github.com/dvsekhvalnov/jose-jwt library to generate tokens which we can then transmit to other microservices to identify and authorize the information. We also use it to get all the functionality https://www.bouncycastle.org/. My…
0 votes, 1 answer

Verifying JWT tokens generated with PHP in Node

I'm working on implementing JWT verification in a client-side web-application that's using Webpack5. When a user is created on the backend running PHP, I create a public and private keypair for use in JWT like this and store them: $keyPair =…
Dixos
0 votes, 0 answers

How to find the JOSE signing key?

My goal is to determine which kid is used to sign a specific payload: try { bearerToken = getBearerToken(req.headers); console.log("token", { bearerToken }); // if the bearerToken is signed by another kid, how do i…
hendry