Questions tagged [jwt]

JSON Web Token (JWT, pronounced "jot") is a type of token-based authentication used in space-constrained environments such as HTTP Authorization headers. Use this tag for questions relating to the configuration, generation and usage of JWTs in your code.

JSON Web Token (JWT, pronounced "jot") is a token format for use in space-constrained environments such as HTTP authorization headers. It is defined in RFC 7519.

JWTs encode security "claims" as JSON objects, and the token can be signed and/or encrypted. JWT is used by the OpenID Connect authentication standard.

More information about JWT and libraries for different languages can be found on the official JWT site.

17340 questions
5
votes
2 answers

Token signature invalid error

I've this error thrown com.auth0.jwt.exceptions.SignatureVerificationException: The Token's Signature resulted invalid when verified using the Algorithm: HmacSHA256 private static String SECRET = "some secret..."; public static DecodedJWT…
App2015
5
votes
5 answers

Web security. Am I protecting my REST api properly? (node.js express)

I have a MEAN stack app with a REST like api. I have two user types: user and admin. To sign the user in and keep the session I use jsonwebtoken jwt like this (simplified): const jwt = require("jsonwebtoken"); //example user, normally compare pass,…
Rasmus Puls
5
votes
0 answers

How to access flask auth token from a different blueprint

I have a flask app with 2 blueprints. auth blueprint and events blueprint. This is how they are structured `app/ auth_blueprint/ init.py views.py model.py events_blueprint/ init.py …
Shammir
5
votes
3 answers

Passport.js custom error for unauthorized and bad request

Implemented passport-jwt and trying to throw custom error response if user is false(email|password empty`) And if the user is not registered api.js const passport = require('passport'); const router = require('express-promise-router')(); const…
Mr Robot
5
votes
1 answer

JSON web token auth logic with refresh tokens

Angular 4 application running in browser (website backend), displaying from the server data owned by particular user. Server: PHP+MySQL, Zend Framework 3 + Doctrine ORM Naming: access_token: Short lifetime (1 min), allows to access personal…
Sfisioza
5
votes
1 answer

Set the request Authorization header in SFSafariViewController

I have an application that has a username and password, so that the user logs in to the app. Some (less important) functionality is still a web page. But to be user friendly, it is annoying for the user to log in again after already logging in. I am looking at…
Marko Zadravec
5
votes
1 answer

NodeJS Example - Firebase Cloud Functions - Instantiate an Admin SDK Directory service object

Goal Use googleapis with Firebase Cloud Functions to get a list of all users in my G Suite domain. Question How do I instantiate an Admin SDK Directory service object? I do not see a NodeJS example, and I'm not clear how to set up and make the…
5
votes
2 answers

JWT with user password in key

I want to use JWT in my application. Now I'm wondering if it is secure to use the user's password in combination with a private secret as a key to sign my tokens. This way, tokens get invalidated if a user changes his/her password. But maybe it makes…
5
votes
1 answer

How can I generate a RSA key for use with com.auth0 java-jwt?

https://github.com/auth0/java-jwt States that setting up the algorithm for JWT should be as simple as //RSA RSAPublicKey publicKey = //Get the key instance RSAPrivateKey privateKey = //Get the key instance Algorithm algorithmRS =…
Ryan Leach
5
votes
1 answer

A better way to check for authorization of API requests using Express JS

I have a super redundant server.js file, since nearly every method in it belonging to the REST API starts like that, as I have to check at the API requests whether the client is authorized to ask for the particular thing. var jwt =…
tom
5
votes
1 answer

Using the authorization code grant without using cookies?

I've been reading up on this for months and it seems like the whole thing could converge on what I'm summarizing below. I'm trying to arrive at the most ideal: OAuth2 OpenID Connect SPA / Mobile Client JWT Solution that has banking level security…
Ole
5
votes
1 answer

Set Django REST Framework JWT in cookies

I am using djangorestframework-jwt to authenticate users. I have overridden the builtin JSONWebTokenAPIView to return user details in the response as well. And I am also setting the token in cookies in my view. def post(self, request, *args,…
Sadan A.
5
votes
4 answers

Reusing a bearer token for multiple API calls

I have an architecture whereby I have an initial ASP MVC landing page which calls into a Web API service which in turn calls into 2 others which themselves have do also. Currently authentication is handled via Windows authentication user…
Jon H
5
votes
4 answers

Implement JwtBearer Authentication in NSwag SwaggerUi

In my asp.net core 2.0 solution I want to add Azure AD authentication. With the Azure AD templates inside of VS 2017 you either get JWTBearer authentication-implementation or OpenIdConnect implementation. Open Id also has the reputation of being…
user4344677
5
votes
1 answer

JWTAuthentication not working in asp.net core 2.0 after migrate from 1.1 to 2.0 with System.IdentityModel.Tokens.Jwt - 5.1.4 update

Error Error CS0619 'JwtBearerAppBuilderExtensions.UseJwtBearerAuthentication(IApplicationBuilder, JwtBearerOptions)' is obsolete: 'See https://go.microsoft.com/fwlink/?linkid=845470' Here is the code for the JWT…
San Jaisy