Questions tagged [jwt]

JSON Web Token (JWT, pronounced "jot") is a token format used for token-based authentication in space-constrained environments such as HTTP Authorization headers. Use this tag for questions relating to the configuration, generation and usage of JWTs in your code.

JSON Web Token (JWT, pronounced "jot") is a token format for use in space-constrained environments such as HTTP Authorization headers. It is defined in RFC 7519.

JWTs encode security "claims" as JSON objects, and the token can be signed and/or encrypted. JWT is used by the OpenID Connect authentication standard.

More information about JWT and libraries for different languages can be found on the official JWT site.

17340 questions
23 votes, 3 answers

JWT error IDX10634: Unable to create the SignatureProvider C#

I'm trying to run my app but it gets stuck with the following error: System.NotSupportedException HResult=0x80131515 Message=IDX10634: Unable to create the SignatureProvider. Algorithm: '[PII is hidden by default. Set the 'ShowPII' flag in…
Deadpool

23 votes, 3 answers

Should each microservice manage its own user-permissions and user-roles?

I have a design issue I am not sure of how to solve. Let's say my main application consists of 6 modules: client, gateway, auth-service, forum, gallery, messages. The client is supposed to communicate with the gateway-service only. Should I have my…
Igor

23 votes, 9 answers

Symfony4: Unable to find the controller for path "/api/login_check". The route is wrongly configured

I am trying to set up symfony4 api JSON login by JWT. The api platform core bundle is installed and I followed this instruction: https://api-platform.com/docs/core/jwt/ I created the custom user provider as described. By opening the URL…
user3684098

23 votes, 3 answers

Passport & JWT & Google/Facebook Strategy - How do I combine JWT and Google/Facebook Strategy?

This question is for anyone who is familiar with Node.js, Express, Passport, JWT Authentication with passport (JSON Web Tokens), Facebook OAuth2.0 OR Google OAuth2.0. I have been doing some online courses and understand how to do the two following…
Vaderico

23 votes, 4 answers

ASP .NET Core Identity default authentication vs JWT authentication

I am developing ASP NET Core Web API and I am confused by choosing the authentication method. I used to apply default Asp Net Identity authentication, but recently I've known about JWT. So I've implemented Authentication almost as it is done in this…

23 votes, 3 answers

Invalidating client side JWT session

I've read a lot about JWT and how to create "stateless" sessions through JWT. The gist of what I understand is that because of the signature & expiration, you can essentially send the entire session to be saved by the client and the server does not…
wlingke

22 votes, 4 answers

next-auth JWEDecryptionFailed

I am using this code to be able to use the credentials next-auth provider along with cognito as oauth service: this to allow email and password auth. I am running next-auth@4.2.1: import CognitoProvider from "next-auth/providers/cognito"; import…
a-dawg

22 votes, 2 answers

Why are cookies not sent to the server via getServerSideProps in Next.js?

Cookies are not sent to the server via getServerSideProps, here is the code in the front-end: export async function getServerSideProps() { const res = await axios.get("http://localhost:5000/api/auth", {withCredentials: true}); const data = await…
Овов Очоы

22 votes, 1 answer

How does JWT.io already know my public key?

My JSON Web Token…
squidword

22 votes, 2 answers

django-rest-framework using HttpOnly Cookie

After using djangorestframework-jwt in an unsafe way for over a year I've finally decided that I would like to get it working in a safer fashion. I've read everywhere that it is not good to save a JWT token in the local client (for example, local…
Francesco Meli

22 votes, 2 answers

.Net Core 2.0 Web API using JWT - Adding Identity breaks the JWT authentication

(Edit - Found proper fix! see below) OK - this is my first attempt at .Net Core 2.0 and authentication, though I've done things with Web API 2.0 in the past, and have worked fairly extensively on various MVC and Webforms ASP projects over the last…
GPW

22 votes, 1 answer

Static secret as byte[], Key or String?

I have started to work with JJWT to handle JWT on my server application. My JWT secret will be stored in the resources folder and I will load the secret with the Properties class. JJWT provides three methods to sign the JWT: one uses byte[], another uses…
Paulo

22 votes, 3 answers

Decoding the expiry date of a JavaScript Web Token (JWT)?

I am unable to understand the expiry date format of the JWT embedded in my application. For example: 1473912000 What does this translate to? 1473912000 ms, some x date? Any help will be appreciated!
Sarim Zafar

22 votes, 1 answer

How do I use an API Gateway in conjunction with microservices and JWTs?

Afternoon y'all, Just looking for someone to double check my work. Is the below an effective way to secure microservices? Premise Breaking up our monolithic application and monolithic Partner API into microservices oriented around specific business…
Sean Lindo

22 votes, 3 answers

Encrypting JWT payload

JWTs have 3 parts: HEADER:ALGORITHM & TOKEN TYPE PAYLOAD:DATA SIGNATURE TO BE VERIFIED WITH THE SECRET KEY Is it possible to encrypt the payload? Following is my token's payload: { "iss": "joe", "exp": "1300819380", "data": { "id": "12", …