Questions tagged [jwt]

JSON Web Token (JWT, pronounced "jot") is a type of token-based authentication used in space-constrained environments such as HTTP Authorization headers. Use this tag for questions relating to the configuration, generation and usage of JWTs in your code.

JSON Web Token (JWT, pronounced "jot") is a token format for use in space-constrained environments such as HTTP authorization headers. It is defined in RFC 7519.

JWTs encode security "claims" as JSON objects, and the token can be signed and/or encrypted. JWT is used by the OpenID Connect authentication standard.

More information about JWT and libraries for different languages can be found on the official JWT site.

17340 questions
26 votes, 2 answers

Namespaces for .NET JWT token validation: System vs. Microsoft

I am trying to use JWT to authenticate a Node application to an ASP.NET Web API. In ASP.NET, I am using .NET 4.5.1 and the NuGet package System.IdentityModel.Tokens.Jwt 5.0.0. What I don't understand is why the namespaces are mixed between Microsoft and…
wrschneider
26 votes, 1 answer

Do cookies protect tokens against XSS attacks?

I'm building a JWT-based (JSON Web Token) authentication mechanism for a browser-based JavaScript web app, working with a stateless server (no user sessions!), and I want to know, once and for all, if storing my JWT token in a cookie will…
Rhubarb
26 votes, 3 answers

What are the pros/cons of using JWE or JWS

I'm trying to implement an authentication token system, so I want to know the pros/cons of using JSON Web Encryption (JWE) or JSON Web Signature (JWS), and if it makes sense to use both (a JWE inside a JWS).
mike83_dev
26 votes, 2 answers

Access token for anonymous users - JWT

I have been doing research on switching to a community-supported authorization system rather than the one I've built. I made the mistake of rebuilding the wheel instead of implementing a community-driven system that utilizes the best practices.…
Ilyas Serter
25 votes, 5 answers

How to verify code from "Sign In with Apple"?

I'm trying to verify the code I got from the "Sign In with Apple" service on my redirect URI. I used the information from the documentation to create the POST data and generate the "client_secret". The response I'm getting is:…
Hanashi
25 votes, 1 answer

What are the differences between JWT RS256, RS384, and RS512 algorithms?

I'm using the JWT RS256 algorithm in my current project, but I'm wondering what the differences are between the algorithms RS256, RS384, and RS512. Can someone explain to me what the key differences between these algorithms are?
Jayampathy Wijesena
25 votes, 3 answers

Is there any Java example of verification of JWT for the AWS Cognito API?

I am using an AWS Cognito user pool. After the user has signed in, I get an ID token in my single-page application, which is expected. Then, for each request, I need to verify the ID token at my backend REST API, which is in Java. The AWS doc didn't mention too…
Jakim
25 votes, 1 answer

Pass JWT refresh token in header or body

When the access token has expired, it should be re-issued using the refresh token. At this point, I'm a little hesitant about which method is better. The access token is passed in an HTTP header on every request. Pass the refresh token in the HTTP header. Pass the refresh token in the HTTP…
sungyong
25 votes, 1 answer

Could we destroy/invalidate a JWT token in ASP.NET Core?

I use ASP.NET Core & ASP.NET Core Identity to generate a JWT token. On the client side, my React (SPA) app calls the API to create the token, then includes Authorization: Bearer token from the API in subsequent requests. When I want to log out, how can I immediately…
25 votes, 6 answers

Didn't find publicKey for kid, Keycloak?

I am getting this exception "Didn't find publicKey for kid" while calling an endpoint from Angular 2 to the WildFly server. Authentication happened in Keycloak; however, I am calling about 8 endpoints from different clients (different micro…
Ahmed Gamal
25 votes, 1 answer

JWT web token encryption - SecurityAlgorithms.HmacSha256 vs SecurityAlgorithms.HmacSha256Signature

For token-based authentication, Microsoft.IdentityModel.Tokens provides a list of security algorithms that can be used to create SigningCredentials: string secretKey = "MySuperSecretKey"; byte[] keybytes = Encoding.ASCII.GetBytes(secretKey); …
Atomic Star
25 votes, 2 answers

How to decode JWT token payload on the client side?

I'm using a JWT token for authentication and would like to read the payload information on the client side. Right now I'm doing something like this: var payload = JSON.parse(window.atob(token.split('.')[1])); Is there a better way to work with jwt…
Woodsy
25 votes, 1 answer

Spring Cloud + Zuul + JWT for Value/Reference Tokens

After reading the article How To Control User Identity Within Microservices, I've been trying to implement such an access control scheme (Value and Reference Tokens), but after going through multiple other topics and examples on GitHub related to…
Tom Kelly
25 votes, 4 answers

Go and JWT - Simple authentication

I'm currently making an API (with Go) and I'm working on the session part. After researching what to use for sessions, I found JWT really interesting. However, I'm not really sure I understand how to use it after some tutorials. So this is my…
Emixam23
25 votes, 1 answer

Add Header to window.location.pathname

I am setting up authentication for an app. After I make a POST request to log in, a JSON Web Token is sent in the response. I am able to attach this to the header via Ajax. The problem is when using window.location.pathname to redirect after login, since…
ahrobins