Questions tagged [json-web-token]

JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JavaScript Object Notation (JSON) object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or MACed and/or encrypted.

The suggested pronunciation of JWT is the same as the English word "jot".

243 questions
7
votes
0 answers

Curl PUT Request With JWT Authorization Header

I am still getting the hang of using curl for testing API requests from the terminal. I have a particular issue with formatting because the API request I am attempting requires a JWT Token to be passed with every call. The request I am attempting to…
7
votes
1 answer

Django + JSON web tokens + disabling session-based authorization

I am currently working on a Django project that wants to replace and disable Django's traditional cookie-based sessions and replace it with JSON web tokens as a means of user authentication for a user on my website. (User Authentication for the…
7
votes
1 answer

Understanding authentication flow with refresh and access tokens on nodejs app

I know there are already many posts about OAuth, OAuth2, JWT, etc. I have read many and I am more confused than ever, so I am looking for some clarification. I will propose my view on the subject and I hope somebody can tell me if my implementation is…
ElPirru
7
votes
1 answer

Why do we need JWT when we have client sessions?

I understand that JWT are stateless tokens that store signed information about the client's claim and are passed to a server via the Authorization HTTP header. My question is, why do we need JWT when we already have client sessions…
Sam
6
votes
2 answers

JsonWebToken: activity-based expiration vs issuing time-based expiration

I'm fairly new to token-based authorization. I'm trying to find the flaws in a custom expiration/token-refresh scheme. I have a basic JWT auth setup in an Express API; I'm setting the JWT expiration to 1 hr. However, JWT checks token expiration…
rgwozdz
5
votes
0 answers

Storing JSON web token in hidden input value

I'm looking at building a Django web application that requires authentication but does not require cookies or JavaScript to be enabled on the client. Would there be any issue with creating a JSON web token and placing this within a hidden input…
brettm
5
votes
2 answers

Securing API Key in Angular2

I've been googling for more than a day now. Maybe I'm missing the correct keywords. I have the following setup: ExpressJS API (running with pm2 on port 3000); Angular2 app, served via nginx. Both run on the same server. Calls to the api…
user1261284
5
votes
2 answers

How to get the current user using jsonwebtoken in Sails.js?

I've been working with Sails since a couple of weeks ago. I came from Rails and I don't have any experience working with Node.js. Now I'm trying to make a robust token authentication using jsonwebtoken. https://github.com/auth0/node-jsonwebtoken I…
5
votes
1 answer

How much expensive is JWT decrypt

I am using JWT for API authentication. I am just curious to know how expensive it is to decrypt the JWT each time a request arrives.
Harikrishnan
5
votes
2 answers

SignatureVerificationFailedException in JwtAuthForWebAPI

I have wired up the JwtAuthForWebAPI NuGet project but I am not able to validate the generated tokens. I end up getting a 500 error. I am using the exact same key value for both token generation and also when configuring…
Adam
5
votes
3 answers

Revoke/invalidate a token with JWT

I'm using JWT (jsonwebtoken) package with node for token handling. Is there any way to "logout"/revoke/invalidate a token?
mosquito87
4
votes
2 answers

Where jsonwebtoken stored in server nodejs . How to expire JWT once user gets logout

I am storing tokens in Session/Local storage on the client side. The problem I am facing is that once a user copies that token and uses it for other logged-in session services, it works, but it should return invalid token on JWT.verify. Is there any way to…
Anurag G
4
votes
1 answer

json web tokens, passport-jwt and its verify function

I've been doing some research on JSON web tokens recently. From what I've gathered, one of its great strengths is that it's stateless. Everything you need to authenticate the user comes with the request, therefore you don't need to "hit the database…
Eric Guan
4
votes
1 answer

Insert more claim into identity OnTokenValidated event of JWT Bearer

Currently, I'm making a SPA using Angular 4 & .NET Core 1.1. My system uses JWT for checking user identity. Every time a user accesses my system, I want to check his/her identity (status, role) in the database and update HttpContext.Identity. Here…
Redplane
4
votes
1 answer

Expired JWT Token - How to refresh token

I am developing a mobile application, and I realize that my token has a limited duration. I am using a Symfony server, which has a function to refresh my token: /** * @Route("/api/refresh", name="api_refresh") */ public function…
AlexisCraig