Questions tagged [jwt]

JSON Web Token (JWT, pronounced "jot") is a type of token-based authentication used in space-constrained environments such as HTTP Authorization headers. Use this tag for questions relating to the configuration, generation and usage of JWTs in your code.

JSON Web Token (JWT, pronounced "jot") is a token format for use in space-constrained environments such as HTTP authorization headers. It is defined in RFC 7519.

JWTs encode security "claims" as JSON objects, and the token can be signed and/or encrypted. JWT is used by the OpenID Connect authentication standard.

More information about JWT and libraries for different languages can be found on the official JWT site.

17340 questions
124 votes
5 answers

Best practices for server-side handling of JWT tokens

(spawned from this thread since this is really a question of its own and not specific to NodeJS etc) I'm implementing a REST API server with authentication, and I have successfully implemented JWT token handling so that a user can login through a…
JHH
121 votes
2 answers

What's the meaning of the "kid" claim in a JWT token?

I generated a JWT and there are some claims which I understand well, but there is a claim called kid in the header. Does anyone know what it means? I generated the token using auth0.com
tylkonachwile
121 votes
12 answers

JWT: 'module' object has no attribute 'encode'

I am getting a Module not found error when using jwt. Here is how I declared it: def create_jwt_token(): payload = { "iat": int(time.time()) } shared_key = REST_API_TOKEN payload['email'] = EMAIL payload['password'] =…
Arvind Kandaswamy
120 votes
2 answers

Is it safe to put a jwt into the url as a query parameter of a GET request?

Is it safe to put a jwt (json web token) into the url as a query parameter of a GET request?
allen kim
116 votes
7 answers

Is there any JSON Web Token (JWT) example in C#?

I feel like I'm taking crazy pills here. Usually there's always a million library and samples floating around the web for any given task. I'm trying to implement authentication with a Google "Service Account" by use of JSON Web Tokens (JWT) as…
Levitikon
115 votes
11 answers

Check if token expired using this JWT library

I've configured the token like this: jwt.sign( { user: pick(user, ['_id', 'username']) }, secret, { expiresIn: '2m' } ); But when I want to check if the token was expired, this code doesn't work: function isAuthenticated() { …
Andrés Montoya
115 votes
4 answers

How to use jti claim in a JWT

The JWT spec mentions a jti claim which allegedly can be used as a nonce to prevent replay attacks: The "jti" (JWT ID) claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a…
nw.
109 votes
11 answers

How to verify JWT from AWS Cognito in the API backend?

I'm building a system consisting of an Angular2 single page app and a REST API running on ECS. The API runs on .Net/Nancy, but that might well change. I would like to give Cognito a try and this is how I imagined the authentication workflow: SPA…
EagleBeak
102 votes
6 answers

How to decode the JWT encoded token payload on client-side in angular?

I am getting one JWT encoded access token from my API in response. But I am not able to decode it and get it in JSON format. I tried using the angular2-jwt library for it, but it did not work. I am writing my code below: …
Sunny Parekh
98 votes
3 answers

Is a Refresh Token really necessary when using JWT token authentication?

I'm referencing another SO post that discusses using refresh tokens with JWT. JWT (JSON Web Token) automatic prolongation of expiration I have an application with a very common architecture where my clients (web and mobile) talk to a REST API which…
98 votes
2 answers

What is the difference between JSON Web Signature (JWS) and JSON Web Token (JWT)?

I've been coding a RESTful service in Java. This is what I've understood till now: Token authorization is done using JSON Web Tokens (JWT) which have three parts: the header, the payload, and the secret (shared between the client and the server). I…
leo
92 votes
9 answers

JWT (JSON Web Token) library for Java

I am working on a web application developed using Java and AngularJS and chose to implement token authentication and authorization. For the exercise purpose, I've come to the point where I send the credentials to the server, generate a random token…
Marius Manastireanu
92 votes
3 answers

passport-local with node-jwt-simple

How can I combine passport-local to return a JWT token on successful authentication? I want to use node-jwt-simple and looking at passport.js I am not sure how to go about. var passport = require('passport') , LocalStrategy =…
cgiacomi
88 votes
8 answers

Unsupported Media Type in postman

I am implementing spring security with oauth2 and jwt. The below is my login function function doLogin(loginData) { $.ajax({ url : back+"/auth/secret", type : "POST", data : JSON.stringify(loginData), …
user7477092
86 votes
4 answers

Do I have to store tokens in cookies or localstorage or session?

I am using React SPA, Express, Express-session, Passport, and JWT. I'm confused about some of the different client-side storage options to store tokens: Cookies, Session, and JWT / Passport. Do tokens have to be stored in cookies, even if I can…
Faris Dewantoro