Questions tagged [jwt]

JSON Web Token (JWT, pronounced "jot") is a type of token-based authentication used in space-constrained environments such as HTTP Authorization headers. Use this tag for questions relating to the configuration, generation and usage of JWTs in your code.

JSON Web Token (JWT, pronounced "jot") is a token format for use in space-constrained environments such as HTTP authorization headers. It is defined in RFC 7519.

JWTs encode security "claims" as JSON objects, and the token can be signed and/or encrypted. JWT is used by the OpenID Connect authentication standard.

More information about JWT and libraries for different languages can be found on the official JWT site.

17340 questions
29 votes
1 answer

jwt authentication: cookie vs header

There are a lot of articles around discussing what is the best place to store JWT on the client side. In short, they're all about - Http-only secure cookie - no XSS, but vulnerable to XSRF Header (saved in local storage or DOM) - no XSRF, but…
user656449
29 votes
1 answer

When is JWTSecurityTokenHandler.ValidateToken() actually valid?

I am attempting to create a token validation method that returns true if a JWT token is valid based on the signature. I don't think I really need to validate everything in the token but what actually signifies a token is valid after calling…
Adam
28 votes
5 answers

Nuxt 3 JWT authentication using $fetch and Pinia

I'm trying to do a JWT authentication to a distinct API. As @nuxtjs/auth-next doesn't seem to be up to date and as I read it was possible to use the new global method fetch in Nuxt 3 instead of @nuxtjs/axios (not up to date also), I thought it won't…
Claire
28 votes
3 answers

Implicit conversion of keys from strings is deprecated. Please use InMemory or LocalFileReference classes. [Laravel/Passport]

I am using laravel/passport for API authentication. Today my old access token isn't working, and when I try to generate a new access token I get Implicit conversion of keys from strings is deprecated. Please use InMemory or LocalFileReference…
Senthurkumaran
28 votes
4 answers

Decode Jwt token React

I use jsonwebtoken to decode my Token to see if it has expired or not. But, the console.log return null. var token = response.headers.authorization; token = token.replace('Bearer',''); var jwt = require('jsonwebtoken'); var decoded =…
dna
28 votes
4 answers

How to pass Header JWT Token with Axios & React?

I make web application with React, Express, MongoDB. And, I want to pass jwt token with header. But, I pass it, get 401 error (Unauthorized). In login actions.js : export function login(username, password) { return function(dispatch) { axios …
ko_ma
28 votes
2 answers

Overriding OnTokenValidated JwtBearerEvents with Custom function .NET Core 2

In my API project I am handling authentication with JwtBearer (users login using Azure). When the API is called the token is being validated with the defined Azure instance and this all works fine. When a token is being validated successfully, the…
Nicolas
28 votes
2 answers

.NET Core IssuerSigningKey from file for JWT Bearer Authentication

I am struggling with the implementation (or the understanding) of signing keys for JWT Bearer Token authentication. And I hope somebody can help me or explain to me what I am misunderstanding. The last few weeks I crawled tons of tutorials and managed…
monty
28 votes
1 answer

Using JWT - is it fine to authenticate user with the subject being their email?

I'm new to authentication, and just trying out JWT authentication on a small express app. I've got a user authentication setup using JWTs, and I'm using the subject as the user's email. Is this a good practice? If I decode the JWT on jwt.io, I…
user1354934
28 votes
10 answers

Angular 2 Failed to execute open on XMLHttpRequest: Invalid URL

I'm trying to call a service. It works in DHC, but when I try to call it in my Angular 2 project, it crashes. The request method is POST; it receives an object from the body that has an email and password, and the response is a token that I will use in the…
Marlaurita
28 votes
2 answers

JSON Web Token (JWT) as a url for email activation

How secure is it to make JWT as the activation url in email? For example: Click link to activate your…
momokjaaaaa
27 votes
8 answers

How to mock JWT authentication in a Spring Boot Unit Test?

I have added JWT Authentication using Auth0 to my Spring Boot REST API following this example. Now, as expected, my previously working Controller unit tests give a response code of 401 Unauthorized rather than 200 OK as I am not passing any JWT in…
java12399900
27 votes
5 answers

NestJS Get current user in GraphQL resolver authenticated with JWT

I am currently implementing JWT authentication with Passport.js into a NestJS application. In some of my GraphQL resolvers I need to access the currently authenticated user. I know that passport will attach the authenticated user to the request…
grahan
27 votes
10 answers

Could not deserialize key data on decoding JWT python

I am using pyjwt library for decoding the JWT token. I got this error when I am decoding. The code was given in the documentation. import jwt encoded_jwt='''eyJ0eXAiOiJKV1QiLCJhbG......''' secret=b''''-----BEGIN PUBLIC…
27 votes
4 answers

Why doesn't Amazon Cognito return an audience field in its access tokens?

When Amazon Cognito issues access tokens it doesn't include an aud field. In the documentation for Cognito tokens, the aud field is listed for id tokens (always set to the same value as client_id), but not for access tokens. The relevant section of…
GlennS