Questions tagged [jwt]

JSON Web Token (JWT, pronounced "jot") is a type of token-based authentication used in space-constrained environments such as HTTP Authorization headers. Use this tag for questions relating to the configuration, generation and usage of JWTs in your code.

JSON Web Token (JWT, pronounced "jot") is a token format for use in space-constrained environments such as HTTP authorization headers. It is defined in RFC 7519.

JWTs encode security "claims" as JSON objects, and the token can be signed and/or encrypted. JWT is used by the OpenID Connect authentication standard.

More information about JWT and libraries for different languages can be found on the official JWT site.

17340 questions
21 votes, 3 answers

Where do I need to use JWT?

The structure and protocol aside, I was wondering where JWT fits into client/server communication? Is it here to replace authentication and session cookies? Is it here to relieve servers of storing session tokens in a database or memory? Is it for…
el_shayan
21 votes, 6 answers

Google OAuth2 JWT token verification exception

I'm facing OAuth2 JWT token verification exception last hour (so no one can access my application): java.security.SignatureException: Signature length not correct: got 256 but was expecting 128. I'm using google-http-client 1.20.0 and Java 1.7.0.…
user3686724
21 votes, 3 answers

JSON Web Token (JWT) advantages/disadvantages over Cookies

One advantage of a JWT over a cookie seems to be that it bypasses the origin restrictions on cookies. Can someone help me understand any other advantages and importantly any other disadvantages to JWTs?
Ben Aston
21 votes, 2 answers

Are sessions needed for python-social-auth

I'm building a django app with an API backend (built with DRF) and angularjs client. My goal is to completely decouple the server and client using JWT in place of sessions. I'm attempting to integrate python-social-auth (PSA) with…
Ethan Blackburn
21 votes, 2 answers

Supertest, test secure REST API

I am writing an integration test for a REST API protected by a jwt. One API operation POST /user/token is returning a jwt given a username and a password and this token is then used for a list of operations such as: GET /user/:id Where the route is…
JohnJohnGa
20 votes, 3 answers

How to secure fastapi API endpoint with JWT Token based authorization?

I am a little new to FastAPI in python. I am building an API backend framework that needs to have JWT token based authorization. Now, I know how to generate JWT tokens, but not sure how to integrate that with API methods in fast api in Python. Any…
Aditya Bhattacharya
20 votes, 10 answers

Nest.js Auth Guard JWT Authentication constantly returns 401 unauthorized

Using Postman to test my endpoints, I am able to successfully "login" and receive a JWT token. Now, I am trying to hit an endpoint that supposedly has an AuthGuard to ensure that now that I am logged in, I can now access it. However, it constantly…
noblerare
20 votes, 6 answers

Sign in with Apple (iOS App + Backend verification) API returns error "invalid_client"

I'm trying to implement Sign In with Apple with an iOS app and a backend. The goal is this: The User signs in on the iOS app. After a positive response the app calls an endpoint on the backend and hands over the authorizationCode. The backend now…
Lukas Würzburger
20 votes, 2 answers

react-cookie vs universal-cookie vs react-cookies

I am using JWT to create and verify tokens and store the token in a cookie. (react front end vs Nodejs backend) I am confused about the use of react-cookie vs universal-cookie and react-cookies. What is the difference between these and what is the…
Abdul Ahad
20 votes, 3 answers

Multiple JWT authorities/issuers in Asp.Net Core

I'm trying to get JWT bearer authentication in an ASP.Net API gateway using Ocelot to work with multiple authorities/issuers. One issuer is Auth0 and the other is an in-house authentication server based on IdentityServer4; we are trying to migrate…
Chris Swinchatt
20 votes, 1 answer

In ASP.NET Core read JWT token from Cookie instead of Headers

I am porting an ASP.NET Web API 4.6 OWIN application to ASP.NET Core 2.1. The application is working based on JWT token. But the token is passed via cookie instead of header. I'm not sure why headers are not used, it is just the situation that I…
Afshar Mohebi
20 votes, 4 answers

Get userId from JWT on all Controller methods?

I am creating a Core 2.0 Web API project that uses JWT for authentication and authorization. My controller methods that I want to secure are all decorated with the Authorize attribute. This is working. If I pass the JWT in the Bearer header, I get a…
Craig
20 votes, 5 answers

Using JSON Web Tokens (JWT) with Azure Functions (WITHOUT using Active Directory)

I am sure someone out there has already done this, but I have yet to find any documentation with regard to the Microsoft implementation of JWT. The official documentation from Microsoft for their JWT library is basically an empty page,…
bdcoder
20 votes, 3 answers

JWT Security with IP Addresses

I am building a Web Application using Angular 2 and the backend service built in ASP.NET Core Web API. For authentication, I am thinking of using JWT and storing the token in a Secure HttpOnly Cookie. For extra security, I am also thinking of…
null_pointer
20 votes, 4 answers

How to get username from Django Rest Framework JWT token

I am using Django Rest Framework and I've included a 3rd party package called REST framework JWT Auth. It returns a token when you send a username/password to a certain route. Then the token is needed for permission to certain routes. However, how…
Gary Holiday