Questions tagged [jwt]

JSON Web Token (JWT, pronounced "jot") is a type of token-based authentication used in space-constrained environments such as HTTP Authorization headers. Use this tag for questions relating to the configuration, generation and usage of JWTs in your code.

JSON Web Token (JWT, pronounced "jot") is a token format for use in space-constrained environments such as HTTP authorization headers. It is defined in RFC 7519.

JWTs encode security "claims" as JSON objects, and the token can be signed and/or encrypted. JWT is used by the OpenID Connect authentication standard.

More information about JWT and libraries for different languages can be found on the official JWT site.

17,340 questions

219 votes, 13 answers

Sending JWT token in the headers with Postman

I'm testing an implementation of JWT Token based security based off the following article. I have successfully received a token from the test server. I can't figure out how to have the Chrome POSTMAN REST Client program send the token in the…
Diode Dan (4,801 · 6 · 25 · 34)
213 votes, 3 answers

How Spring Security Filter Chain works

I realize that Spring security build on chain of filters, which will intercept the request, detect (absence of) authentication, redirect to authentication entry point or pass the request to authorization service, and eventually let the request…
Tuomas Toivonen (21,690 · 47 · 129 · 225)
213 votes, 11 answers

How to decode JWT Token?

I don't understand how this library works. Could you help me please? Here is my simple code: public void TestJwtSecurityTokenHandler() { var stream = …
Cooxkie (6,740 · 6 · 22 · 26)
190 votes, 4 answers

JWT (Json Web Token) Audience "aud" versus Client_Id - What's the difference?

I'm working on implementing OAuth 2.0 JWT access_token in my authentication server. But, I'm not clear on what the differences are between the JWT aud claim and the client_id HTTP header value. Are they the same? If not, can you explain the…
Chris Swain (5,193 · 5 · 21 · 22)
186 votes, 8 answers

What is secret key for JWT based authentication and how to generate it?

Recently I started working with JWT-based authentication. After the user login, a user token is generated which will look like…
RIPAN (3,326 · 4 · 17 · 28)
183 votes, 3 answers

What is the maximum size of JWT token?

I need to know the maximum length of a JSON Web Token (JWT). In the specs there is no information about it. Could it be that there are no limitations in length?
Bogdan (1,945 · 2 · 12 · 8)
172 votes, 4 answers

Authenticating socket io connections using JWT

How can I authenticate a socket.io connection? My application uses a login endpoint from another server (python) to get a token. How can I use that token whenever a user opens a socket connection on the node side? io.on('connection',…
el_pup_le (11,711 · 26 · 85 · 142)
164 votes, 3 answers

Single sign-on flow using JWT for cross domain authentication

There is a lot of information on the web about using JWT (Json Web Token) for authentication. But I still didn't find a clear explanation of what the flow should be when using JWT tokens for a single sign-on solution in a multiple domains…
electrotype (8,342 · 11 · 59 · 96)
163 votes, 4 answers

Use multiple JWT Bearer Authentication

Is it possible to support multiple JWT Token issuers in ASP.NET Core 2? I want to provide an API for external service and I need to use two sources of JWT tokens - Firebase and custom JWT token issuers. In ASP.NET core I can set the JWT…
Sane (2,334 · 2 · 17 · 20)
163 votes, 2 answers

What format is the exp (Expiration Time) claim in a JWT

I am using the ADAL library to get an access token for a resource. Does anyone know what format the expiration time is in? More specifically, the "exp" (Expiration time) claim. The JwtSecurityToken class simply returns an int32 after parsing. So, that is not a good…
Frank Q. (6,001 · 11 · 47 · 62)
163 votes, 5 answers

How to handle file downloads with JWT based authentication?

I'm writing a webapp in Angular where authentication is handled by a JWT token, meaning that every request has an "Authentication" header with all the necessary information. This works nicely for REST calls, but I don't understand how I should…
Marco Righele (2,702 · 3 · 23 · 23)
155 votes, 4 answers

Should JWT be stored in localStorage or cookie?

For the purpose of securing REST API using JWT, according to some materials (like this guide and this question), the JWT can be stored in either localStorage or Cookies. Based on my understanding: localStorage is subjected to XSS and generally it's…
pkid169 (2,240 · 2 · 15 · 22)
155 votes, 2 answers

Web API Authentication Basic vs Bearer

I have created JWT based Authentication in my Web API application. I am not able to figure out the difference between a Basic Token and a Bearer Token. Can someone please help me?
SharmaPattar (2,472 · 3 · 21 · 23)
139 votes, 8 answers

How to destroy JWT Tokens on logout?

I am using the jwt plugin and strategy in hapijs. I am able to create a jwt token while logging in a user and authenticate other APIs using the same token through the 'jwt' strategy. I am setting the token in request.state.USER_SESSION as a cookie where USER_SESSION…
Garima (1,566 · 2 · 11 · 14)
126 votes, 3 answers

Decoding and verifying JWT token using System.IdentityModel.Tokens.Jwt

I've been using the JWT library to decode a Json Web Token, and would like to switch to Microsoft's official JWT implementation, System.IdentityModel.Tokens.Jwt. The documentation is very sparse, so I'm having a hard time figuring out how to accomplish…
w.brian (16,296 · 14 · 69 · 118)