Questions tagged [json-web-token]

JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JavaScript Object Notation (JSON) object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or MACed and/or encrypted.

The suggested pronunciation of JWT is the same as the English word "jot".

243 questions
4
votes
1 answer

Are unsecured JWTs rare in practice? Should they be?

I am planning to use JSON Web Tokens for a new web application that I am developing in Angular 2. Since I haven't used it before I am reading some tutorials to understand how it exactly works. In an online resource I read that unsecured JWTs are…
hY8vVpf3tyR57Xib
4
votes
2 answers

JSON Web Token (JWT)

I have a general question regarding JSON Web Token (JWT). If the JWT is stolen from the client (say, it was stored as a cookie or the app's database) by hacking or physical access, it can be used to send to the server which the server will think it…
ikevin8me
4
votes
1 answer

Error using jsonwebtoken with angular-cli application

I have an angular2 application that uses the angular-cli for the scaffold and other tasks, but now I can't use jsonwebtoken on my angular2 application. I have added the dependency yarn add --save jsonwebtoken and I actually can see the library at…
carpinchosaurio
4
votes
2 answers

Invalid Json web token in Go

I am trying to make a Json web token authentication system with Go; however, I can't seem to get the parsing of the web token working. The error occurs in the following function. func RequireTokenAuthentication(rw http.ResponseWriter, req…
Colleen Larsen
4
votes
1 answer

JJWT generated token has an invalid signature

I'm generating my JWT token using the JJWT library. I generate my token as follows. I'm using dummy values as my secret key. We can assume that jwt.security.key=security-key @Value("${jwt.security.key}") private String key; …
KyelJmD
4
votes
1 answer

How to use JWE and JWS in JWT.io

I'm new to JWT. I read RFC 7519 and a lot of websites about JWE and JWS, but I'm a little bit confused about this topic. JWE is encoded and JWS is encoded and signed. The RFC describes "If the JOSE Header is for a JWS, the JWT is…
michael-mammut
4
votes
1 answer

Validation on specific request(s) in node js

I created an API with reference to this link. It validates the request in the following manner: router.post('/authenticate', function(req, res) { var query = "SELECT * FROM ?? WHERE ??=? and ??=? LIMIT 1"; var table =…
Lalitesh Upadhyaya
4
votes
3 answers

How to pass JsonWebToken x-access-token through angular js

I created a node express RESTful API with jsonwebtoken as the authentication method, but I am unable to pass the x-access-token as a header using angular js. My JWT token authentication script is, apps.post('/authenticate', function(req, res) { // find…
LearnCode Master
4
votes
2 answers

Using Passport for Authentication of API Endpoints

Following a couple tutorials on adding authentication using jsonwebtoken, passport, and passport-local I've become stuck on integrating it into my project. I want it so that any requests to any of the API endpoints require authentication, and also…
gh0st
4
votes
3 answers

JWT Returns Invalid Signature Error Even When I enter the token in Authorization

I already looked at this stack overflow entry Node.js - Express.js JWT always returns an invalid token error in browser response but I couldn't find a solution there. I have attempted to write a small node app as a proof of concept for using JWT…
flipvinyl
4
votes
2 answers

How to config spring-session to support HeaderHttpSessionStrategy and CookieHttpSessionStrategy in one application?

I have a project that I want to support Android, iOS, and PC web. I am trying to use https://github.com/spring-projects/spring-session. Can it be configured in one application to support HttpSession and REST token? If it can, how can I configure it?
kalman
4
votes
0 answers

JSON web token size

I'm currently using the node-jsonwebtoken (https://github.com/auth0/node-jsonwebtoken) library to generate an auth token. I simply call jwt.sign to generate the token. On my staging and development servers, the token that is generated is 941…
Edward Sun
4
votes
0 answers

JSON web token - applying different user roles to different routes

What is the standard practice for using JWTs in authentication mechanisms which require roles? Should roles be contained somewhere within the predefined public claim names? ['iss', 'sub', 'aud', 'exp', 'nbf', 'iat', 'jti'] ... Or should an…
bguiz
3
votes
1 answer

Node/Express API, Email verification using JWT token, unexpected behavior

Kind of a strange issue. I am building a NodeJS/Express api using json web tokens for email verification for users. Code for both the user registration and email confirmation routes are below. When testing these routes in Postman using the…
TylerB
3
votes
1 answer

When JWT expires, will the JWT stored in local storage be removed automatically?

I have a JWT already stored in the user's browser's local storage. I have set the JWT's expiration date to be in 7 days using nodejs/express. Will the browser detect the expiration date and automatically remove it from the local storage? Or will…
sdfdsf sdf