Questions tagged [jwt]

JSON Web Token (JWT, pronounced "jot") is a type of token-based authentication used in space-constrained environments such as HTTP Authorization headers. Use this tag for questions relating to the configuration, generation and usage of JWTs in your code.

JSON Web Token (JWT, pronounced "jot") is a token format for use in space-constrained environments such as HTTP authorization headers. It is defined in RFC 7519.

JWTs encode security "claims" as JSON objects, and the token can be signed and/or encrypted. JWT is used by the OpenID Connect authentication standard.

More information about JWT and libraries for different languages can be found on the official JWT site.

17340 questions
25 votes, 6 answers

is there a way to parse claims from an expired JWT token?

If we try to parse an expired JWT, it results in an expired exception. Is there a way to read claims even if the JWT was expired? Below is used to parse the JWT in Java: Jwts.parser().setSigningKey(secret.getBytes()).parseClaimsJws(token).getBody();
Sivaprakash
25 votes, 3 answers

May an OAuth 2.0 access token be a JWT?

From what I can tell, the OAuth 2.0 specification is extremely vague in terms of what form an access token should take: The token may denote an identifier used to retrieve the authorization information or may self-contain the authorization…
bjmc
24 votes, 1 answer

OAuth-2.0/JWT - guidance about when to use scope vs roles

One thing related to OAuth 2.0 and JWTs that's still a bit confusing is when to use scopes vs. roles. I think some of the confusion is coming from how role-based authorization works in ASP.NET Core (which is the primary language/framework at my…
Ryan.Bartsch
24 votes, 7 answers

ASP.Net Core API always returns 401 but Bearer token is included

I have an ASP .NET Core web api and I generate a JWT token for authorization purposes but whenever I make a request with Postman with Bearer token header I get 401 Unauthorized. Same when I try from my front-end that's consuming the API. When I…
Timothy
24 votes, 3 answers

ASP.NET Identity Bearer Token vs JWT Pros and Cons

I have used ASP.NET Identity for a while now and have been looking at JWT (JSON Web Token) as they seem really interesting and easy to use. JWT.IO has a great example/tool of debugging the token. However, I'm not entirely sure how JWTs work on the…
shammelburg
24 votes, 4 answers

How to provide frontend with JSON web token after server authentication?

So far I have only dealt with server-rendered apps, where after a user logs in via username/password or using an OAuth provider (Facebook etc.), the server just sets a session cookie while redirecting to the relevant page. However now I'm attempting…
Inkling
24 votes, 1 answer

Azure B2C: How do I get "group" claim in JWT token

In the Azure B2C, I used to be able to get a "groups" claim in my JWT tokens by following Retrieving Azure AD Group information with JWT: Open the old-school Azure manager (https://manage.windowsazure.com) Register my application with B2C Download…
24 votes, 1 answer

Single Sign On (SSO) using JWT

I have read several articles about sso but could not find an answer in my mind. I have a scenario like below: Scenario: My company wants to have sso mechanism using jwt. Company has 2 different domains like abc.com as abc and xyz.com as xyz. Also…
baris usanmaz
24 votes, 5 answers

Allow one concurrent user per login with JWT

We are developing an application with Laravel/PHP and we want to use a pay-per-user pricing model. For that we have to ensure that an account can only be used by one concurrent user. We use JWT for authentication and it is stateless so I can't…
Gert Timmerman
24 votes, 1 answer

JwtSecurityTokenHandler and TokenValidationParameters

I used to have a reference to Microsoft.IdentityModel.Tokens.JWT and everything was working fine. I updated to use the new System.IdentityModel.Tokens.Jwt but nothing seems to work now. It cannot find the ValidateToken method of the…
Patrice Cote
24 votes, 5 answers

NSData won't accept valid base64 encoded string

I'm implementing JSON Web Token authentication on the iOS (7) client-side. It's working nicely. My app receives tokens, and can make authenticated calls to my server with them. Now, I want my client side code to check for an expiration date on the…
TomorrowPlusX
23 votes, 1 answer

Why is JWT::decode() returning { "status": "\"kid\" empty, unable to lookup correct key" }

My first ever Stack Overflow Question - here it goes! I've encoded a Firebase JWT token to authenticate a 'buyer' in my PHP Slim API. It encodes correctly and generates a JWT token in Postman, Postman JWT encoding but when I try to use the JWT for…
Dwags317
23 votes, 1 answer

What's the whole point of a JWT refresh token?

I've been reading about this for a while, and nothing makes sense, and the explanations are conflicting, and the comments are proving that. So far what I understood is that JWTs are storing information encoded by the server, can have expiry times,…
Gergő Horváth
23 votes, 3 answers

jwt.decode() got an unexpected keyword argument 'verify'

I can generate the token with the route api/token but I can't use it after. All was functional before, but now I have this error from django rest framework, and I don't know why. File…
Mathieu S
23 votes, 5 answers

Handle 400 Bad Request From WebApi In Angular 6 (using HttpClient)

Below is an Asp.net Core WebAPI which returns bad request with Error details as to its param when, let's say, a duplicate user is trying to register. public async Task Register([FromBody] RegisterModel registerModel) { if…
Jason