Questions tagged [jwt]

JSON Web Token (JWT, pronounced "jot") is a type of token-based authentication used in space-constrained environments such as HTTP Authorization headers. Use this tag for questions relating to the configuration, generation and usage of JWTs in your code.

JSON Web Token (JWT, pronounced "jot") is a token format for use in space-constrained environments such as HTTP authorization headers. It is defined in RFC 7519.

JWTs encode security "claims" as JSON objects, and the token can be signed and/or encrypted. JWT is used by the OpenID Connect authentication standard.

More information about JWT and libraries for different languages can be found on the official JWT site.

17340 questions
21 votes, 2 answers

Where does jwt.io get the public key from JWT token?

I was decoding a JWT token via jwt.io (in the Debugger section) to see Headers, Payload. Surprisingly, it also verified, and I could see it (jwt.io debugger) is able to retrieve the public key as well. So my question is: Does JWT token provide the…
CuriousMind
21 votes, 3 answers

Skip JWT Auth during Tests ASP.Net Core 3.1 Web Api

I have a very simple app with one JWT authenticated controller: [ApiController] [Authorize] [Route("[controller]")] public class JwtController : ControllerBase { public JwtController() { } [HttpGet] public ActionResult Get() =>…
21 votes, 3 answers

io.jsonwebtoken.UnsupportedJwtException: Signed Claims JWSs are not supported

I just added Jwt to my application. When I'm trying to send get request via postman which require authorization, then I've got following error: io.jsonwebtoken.UnsupportedJwtException: Signed Claims JWSs are not supported. I'm sending in body…
spazzola
21 votes, 2 answers

API Authentication for PWA

The Setup We’re building a PWA (progressive web app). The main components are the app shell (SPA) and the API. The REST API will supply the data needed for the app, while the SPA will handle the rest (as per Google recommendation). The…
21 votes, 4 answers

what should be the key length in signingCredentials jwt asp.net core

public static string GenerateToken(string Username) { var claimsdata = new[] { new Claim(ClaimTypes.Name, Username) }; var key = new SymmetricSecurityKey( …
Mohan Kurali
21 votes, 5 answers

Is JWT necessary over HTTPS communication?

I'm developing a MEAN stack application, and I'm currently setting up an account system. I've seen several tutorials about Authentication, all using JWT. I am wondering if JWT could be used as a way to secure communication transport over non-secured…
Maxime Flament
21 votes, 3 answers

How to specify audience for an OAuth2 access token?

I am confused that there seems to be no standard way to specify the audience for an access token when sending an authorization request to an authorization server. OAuth2 specifies access tokens as opaque strings; there is only one mention of…
Free Willaert
21 votes, 5 answers

asp.net core JWT in uri query parameter?

I have an api that is protected by JWT and Authorize attribute and at the client I use jquery ajax call to deal with it. This works fine, however I now need to be able to secure downloading of files so I can't set a header Bearer value, can it be…
JohnC
21 votes, 3 answers

ASP.NET Core JWT Bearer Token Custom Validation

After a lot of reading, I have found a way to implement a custom JWT bearer token validator as below. Starup.cs: public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, IApplicationLifetime…
Sang Suantak
21 votes, 3 answers

Is it ok to store user credentials in the JWT

Is it ok to store user credentials (username / password) in the JWT (so sign it and verify the resulted token later)? I heard that No, it is not secure to send a password in a JWT. This is because the JWT claims are simply encoded and can easily…
FrozenHeart
21 votes, 12 answers

Set expiry time for laravel jwt dynamically

Hi I am using angular js in front end with satellizer and laravel at backend with tymon jwt library. I am using jwt authentication. I want to make remember me functionalities in my web app. I see 'ttl' to set expiry time of token in laravel…
user254153
21 votes, 4 answers

JHipster authentication using Postman and JWT

I'd been using the Postman in-tab extension to test calls to call JHipster resource APIs and found that it worked great (JHipster setup to use OAuth2). I authenticated using the JHipster login page, then opened up a new tab with the Postman…
Jose Gulisano
21 votes, 2 answers

How to safely store & process secret key for JWT

After reading this: JWT: What's a good secret key, and how to store it in an Node.js/Express app?, on how to store "secret key" to assign JWT tokens. I had security questions. My data (messages, username, etc...) are going to be encrypted (in…
Rainbow
21 votes, 2 answers

AspNetCore.Authentication.JwtBearer fails with No SecurityTokenValidator available for token with .net core RC2

I'm trying to get a simple endpoint working that issues and consumes JWT tokens using AspNew.Security.OpenIdConnect.Server to issue the token and validating using Microsoft.AspNetCore.Authentication.JwtBearer. I can generate the token fine but…
21 votes, 4 answers

c# How to verify signature JWT?

I have a token, a file containing public key and I want to verify the signature. I tried to verify signature based on this. However, decodedCrypto and decodedSignature don't match. Here is my code: public static string Decode(string token, string…
anhtv13