Stack Overflow
Stack Overflow

Questions tagged [json-web-signature]

JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures.

It consists of:

  • A JOSE Header (the union of the JWS Protected Header and the JWS Unprotected Header), describing the digital signature or MAC used to generate the signature
  • A JWS Payload, which is the content to be transmitted
  • A JWS Signature

The JWS Signature can be used by the recipient of the JWS to verify the integrity of the JWS Protected Header, JWS Payload and JWS Signature.

It is specified in RFC 7515.

32 questions
1
vote
1 answer

How can I validate a JWSObject that has a "crit" value in its headers?

I'm trying to write some code to sign and validate payloads using my private/public keys in java following JOSE standards. I need to use the PS256 encryption algorithm for this. I'm using connect2id's library Nimbus JOSE + JWT. I'm able to get to…
elevenothree
  • 45
  • 4
0
votes
0 answers

JWS Java algorithm to Deno's jose (node.js)

I have the following code for JWS verification in Java: /** * Step 1 - Load signing keys via jwks file */ String JWKS_URL = "https://vf11gtostorage1.blob.core.windows.net/test-webhook-sign-keys/test-webhook-sign-keys.jwks"; // on first startup…
Tal
  • 613
  • 1
  • 7
  • 19
0
votes
0 answers

How to generate JWT signed token using keyId using JWS header in c#

User redirected to my website throw a redirected url from a thirdparty website, I wanted to verify that redirected URL, the thirdparty signs the redirected url using RSA private key using RS256 algorithm then put it as a signature in the url. The…
Fazla Elahi Md Jubayer
  • 177
  • 2
  • 12
0
votes
1 answer

OAuth2 Authorization code as self encoded token

I am working on a demo project where I have to implement an authorization server for the OAuth2 flow. I was investigating on the best practices for the authorization code, when I read here that: Because authorization codes are meant to be…
Marco Luzzara
  • 5,540
  • 3
  • 16
  • 42
0
votes
1 answer

ACME Client Implementation

I am currently working on my own ACME client implementation. I generated the following JWS: {"protected":…
moritzzirom
  • 3
  • 1
0
votes
1 answer

JWS Signing with RSA 256 privatekey with Algorithm RSASSA-PKCS1-v1.5 SHA-256

I need some help with JWS Signing with RSA 256 privatekey -RSASSA-PKCS1-v1.5 SHA-256 I m working on SAP PI/PO. I am unable to retrieve the RSA privatekey saved in server's OS folder, so I am trying to pass the pem(base64 encoded) key as a string. My…
Harry
  • 3
  • 3
0
votes
0 answers

How to concat JWS header, JWS payload and JWS Signature using RFC 7515 in python?

header= {"typ":"JWT","alg":"HS256"} payload = {"iss":"joe","exp":1300819380,"http://example.com/is_root":True} secret='3d6f45a5fc12445dbac2f59c3b6c7cb1' Encoded JWS header and JWS payload encoded_header = str(header).encode('utf-8') encoded_payload…
Rahul Rajeev
  • 13
  • 4
0
votes
0 answers

JWS transport best practices

I have a JWS, the payload contains just regular data. My question is there is a right way to send this JWS in a body in a post request ? I mean there is special headers or something else about JWS transport. My body is just: { jws:…
Dajalmar Gutierrez
  • 446
  • 4
  • 7
0
votes
2 answers

Keep refreshing JsonWebToken by any action form user

I use JsonWebtoken to create an access token for authentication purposes in my web app in node js using express. I want to define an expiry date for this token but I don't know how It refreshes the "iat" by performing some activities by the user!…
sishanov
  • 141
  • 2
  • 9
0
votes
0 answers

How to validate JWS using square/go-jose package

I am generating a JSON web signature in JavaScript using node-jws package (https://www.npmjs.com/package/jws). In Headers, I am giving crit: ["exp"] and exp: someTimeStamp. The snippet given below is used in generating the JWS: let token =…
Abdullah Danyal
  • 1,106
  • 1
  • 9
  • 25
0
votes
1 answer

Do I need to pass a payload to this code to generate JWT token?

I want to use JWT to generation token to authenticate users. When I use postman to test the code with a registered username and password, it returned the JsonWebTokenError: jwt malform. On close review, I discovered that the error comes from…
Jetro Olowole
  • 79
  • 3
  • 13
0
votes
1 answer

Create a JsonWebKey from JSON

I have a url that has my jwks values. It looks like this { "keys": [ { "kty": "RSA", "e": "AQAB", "use": "sig", "kid": "Has a Real Value Here", "alg": "RS256", "n": "Has a Real Value here" }] } I…
Vaccano
  • 78,325
  • 149
  • 468
  • 850
0
votes
1 answer

Node jsonwebtoken getting verified with any signature

I am using jsonwebtoken library to sign and create JWTs to be used for API security, The code looks to be working fine when I try to verify the signature with a valid JWT_SECRET_TOKEN and throws an error when I use a wrong JWT_WRONG_TOKEN However…
Dev1ce
  • 5,390
  • 17
  • 90
  • 150
0
votes
0 answers

Verify JWT token signature of custom created tokens

I am new to PHP (Laravel), i am using tymon JWT library. I generated a custom token, now i want a way to verify its signature knowing that the token is not going to be extracted from header or request object it is like a stand alone token…
Dodz
  • 187
  • 1
  • 6
  • 14
-1
votes
1 answer

KJUR.jws.JWS does not support unencoded payload while creating jws signature

When i am trying b64:false in header it seems to have no effect. Is this not supported yet in KJUR.jws.JWS ? And can someone point me in direction of a good node js library for jws.
Shubham Nigam
  • 9
  • 3
1
2
3