Stack Overflow
Stack Overflow

Questions tagged [json-web-token]

JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties.

JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JavaScript Object Notation (JSON) object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or MACed and/or encrypted.

The suggested pronunciation of JWT is the same as the English word "jot".

Source

243 questions
12
votes
9 answers

How to get token expiration with `jsonwebtoken` using typescript

I'm using jsonwebtoken to decode a token, and I'm trying to get the expiration date. Typescript is throwing errors regarding the exp property, and I'm not quite sure how to solve them: import jwt from 'jsonwebtoken' const tokenBase64 = 'ey...' /*…
aryzing
  • 4,982
  • 7
  • 39
  • 42
11
votes
1 answer

C# How to verify signature on JWT token?

I am trying to understand how to verify signatures of JWT tokens using the .NET Framework. I am using the token found at https://jwt.io/ . If I understand how this is supposed to work, I can use the HMACSHA256 hashing algorithm with the first two…
Dave
  • 2,473
  • 2
  • 30
  • 55
10
votes
4 answers

Promises vs Async with Jsonwebtokens

I completed a Node app tutorial and went back to rewrite the code with async/await to better learn how it's done. However I have a route handler the I can't get right without using promises: getProfile: function(id){ return new…
Nolan Davis
  • 125
  • 1
  • 1
  • 7
10
votes
1 answer

Client ID or Multiple Audiences In JSON Web Token

I am implementing OAuth 2.0 with JWT in my application and am having trouble deciding what to set as my aud claim as. A user will "login" to my client via my authentication server to gain access to my API (resource) server. I want my tokens to only…
Greg
  • 8,574
  • 21
  • 67
  • 109
9
votes
1 answer

Node: Sending JSON Web token to client with page redirect

I am using Node Express to build my backend server. Additionally, authentication is my application happens with Passport-SAML. I am using JWT to maintain user sessions. So the flow is, The user calls in login endpoint They are redirected to SAML…
shubhammakharia
  • 147
  • 1
  • 2
  • 10
9
votes
2 answers

Parse Armored ECC public/private keys (generated from gpg cli) in java

I'm trying to convert an armored ECC gpg key to corresponding java class ECPrivateKey/ECPublicKey. To generate the key pair I'm using: gpg --expert --full-generate-key Then selecting (9) ECC and ECC (or (10) ECC (sign only)) Then selecting (3)…
Tomer Mayost
  • 266
  • 1
  • 8
8
votes
2 answers

Express + JWT exclude certain routes

I have an Node application running with express and jsonwebtoken. I have made a check before every request for the api calls to check the jsonwebtoken. I have manually excluded the routes like below. Is there any better way to exclude some routes…
JackSlayer94
  • 805
  • 3
  • 16
  • 38
8
votes
3 answers

Jsonwebtoken verify always return only {iat: xxx }

According to documentation, https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback, jwt.verify will returns decode payload, I run the simple script: var token = jwt.sign({email: req.body.email,}, 's3cr3t'); var…
egig
  • 4,370
  • 5
  • 29
  • 50
8
votes
3 answers

How do I add a json web token to each header?

So I am trying to use JSON web tokens for authentication and am struggling trying to figure out how to attach them to a header and send them on a request. I was trying to use https://github.com/auth0/angular2-jwt but I could not get it working with…
Morgan G
  • 3,089
  • 4
  • 18
  • 26
8
votes
1 answer

JWT (JSON Web Token) in C++ using boost and openssl bug

I am a fairly novice c++ programmer (I'm still in college so I suppose I'm a fairly novice programmer in general) and I am trying to generate a JWT in c++. I am able to generate and encode a header and payload, but the signature I generate using…
Matt Sainz
  • 105
  • 1
  • 6
8
votes
1 answer

json web token + img src

I set to my project json web token authentication. I secured all requests under "private" path. What is the best way to download an image from client using tag img and attribute src. The only solution I have so far…
user732456
  • 2,638
  • 2
  • 35
  • 49
8
votes
1 answer

implementing refresh-tokens with angular and express-jwt

I want to implement the Sliding expiration concept with json web tokens using angular, nodejs and express-jwt. I'm a little confused on how to do this, and am struggling to find any example of refresh tokens or and other material relating to…
user979441
  • 301
  • 1
  • 2
  • 8
7
votes
3 answers

Only allow signing in from one device at a time in NodeJS

I am using JWT for authentication. However I do not want the user to be logged in from multiple devices. How do I ensure this? Right now - All I can think of is to store the JWT into DB and then check if it exists . And if it exists, what was the…
Prateek Narendra
  • 1,837
  • 5
  • 38
  • 67
7
votes
2 answers

When would you use an unprotected JWS header?

I don't understand why JWS unprotected headers exist. For some context: a JWS unprotected header contains parameters that are not integrity protected and can only be used per-signature with JSON Serialization. If they could be used as a top-level…
markw
  • 321
  • 1
  • 3
  • 14
7
votes
2 answers

What is the difference between the npm modules jsonwebtoken and jwt-simple?

One example suggested using 'jsonwebtoken' and another suggested 'jwt-simple'... what are the differences?
Grateful
  • 9,685
  • 10
  • 45
  • 77
1
2
3
16 17