Questions tagged [jwt]

JSON Web Token (JWT, pronounced "jot") is a type of token-based authentication used in space-constrained environments such as HTTP Authorization headers. Use this tag for questions relating to the configuration, generation and usage of JWTs in your code.

JSON Web Token (JWT, pronounced "jot") is a token format for use in space-constrained environments such as HTTP authorization headers. It is defined in RFC 7519.

JWTs encode security "claims" as JSON objects, and the token can be signed and/or encrypted. JWT is used by the OpenID Connect authentication standard.

More information about JWT and libraries for different languages can be found on the official JWT site.

17340 questions
86
votes
4 answers

Is setting Roles in JWT a best practice?

I am considering using JWT. In the jwt.io example I am seeing the following information in the payload data: "admin": true Admin can be considered as a Role, hence my question. Is setting the role in the token payload a habitual/good practice?…
ayorosmage
  • 1,607
  • 1
  • 15
  • 21
86
votes
9 answers

How do I get current user in .NET Core Web API (from JWT Token)

After a lot of struggling (and a lot of tutorials, guides, etc.) I managed to set up a small .NET Core REST Web API with an Auth Controller issuing JWT tokens when stored username and password are valid. The token stores the user id as sub claim. I…
monty
  • 7,888
  • 16
  • 63
  • 100
85
votes
6 answers

JWT on .NET Core 2.0

I've been on quite an adventure to get JWT working on DotNet core 2.0 (now reaching final release today). There is a ton of documentation, but all the sample code seems to be using deprecated APIs and, coming in fresh to Core, it's positively…
Michael Draper
  • 1,928
  • 3
  • 18
  • 24
84
votes
8 answers

Authorization header in img src link

I have an api that uses jwt for authentication. I am using this api for a vuejs app. I am trying to display an image in the app using But the api expects Authorization header with jwt token in it. Can I add headers to…
Ragas
  • 3,005
  • 6
  • 25
  • 42
84
votes
3 answers

What is the difference between OAuth based and Token based authentication?

I thought that OAuth is basically a token based authentication specification but most of the time frameworks act as if there is a difference between them. For example, as shown in the picture below Jhipster asks whether to use an OAuth based or a…
Cemre Mengü
  • 18,062
  • 27
  • 111
  • 169
84
votes
5 answers

Best practices to invalidate JWT while changing passwords and logout in node.js?

I would like to know the best practices to invalidate JWT without hitting db while changing password/logout. I have the idea below to handle the above 2 cases by hitting the user database. 1. In case of password changes, I check for password (hashed)…
Gopinath Shiva
  • 3,822
  • 5
  • 25
  • 48
81
votes
7 answers

Verifying JWT signed with the RS256 algorithm using public key in C#

Ok, I understand that the question I am asking may be pretty obvious, but unfortunately I lack the knowledge on this subject and this task seems to be quite tricky for me. I have an id token (JWT) returned by OpenID Connect Provider. Here it…
Dmitry Nikolaev
  • 3,803
  • 2
  • 19
  • 23
79
votes
2 answers

Why do the header and payload in the JWT token always start with eyJ?

I am using JWT token to authorize my APIs; during implementation I found that the header and payload in the token always start with eyJ. What does this indicate?
Suresh Prajapati
  • 3,991
  • 5
  • 26
  • 38
76
votes
5 answers

How to set jwt token expiry time to maximum in nodejs?

I don't want my token to expire; it should be valid forever. var token = jwt.sign({email_id:'123@gmail.com'}, "Stack", { expiresIn: '24h' // expires in 24 hours }); In the above code I have given for…
Jagadeesh
  • 1,967
  • 8
  • 24
  • 47
76
votes
5 answers

Where to save a JWT in a browser-based application and how to use it

I'm trying to implement JWT in my authentication system and I have a few questions. To store the token, I could use cookies but it's also possible to use localStorage or sessionStorage. Which would be the best choice? I have read that JWT protects…
softshipper
  • 32,463
  • 51
  • 192
  • 400
75
votes
3 answers

IDX10603: The algorithm: 'HS256' requires the SecurityKey.KeySize to be greater than '128' bits. KeySize reported: '32'. Parameter name: key.KeySize

I was just working with Asp.Net Core Web API and implementing Authentication. I am calling this API from an Angular Application, but I am always getting the error below. IDX10603: The algorithm: 'HS256' requires the SecurityKey.KeySize to be…
Sibeesh Venu
  • 18,755
  • 12
  • 103
  • 140
74
votes
4 answers

JWT Token authentication, expired tokens still working, .net core Web Api

I'm building a .net core web api. Preface - I've implemented token authentication as per https://stormpath.com/blog/token-authentication-asp-net-core and https://dev.to/samueleresca/developing-token-authentication-using-aspnet-core. I've also read a…
Jamadan
  • 2,223
  • 2
  • 16
  • 25
74
votes
5 answers

JSON Web Token (JWT) with Spring based SockJS / STOMP Web Socket

Background I am in the process of setting up a RESTful web application using Spring Boot (1.3.0.BUILD-SNAPSHOT) that includes a STOMP/SockJS WebSocket, which I intend to consume from an iOS app as well as web browsers. I want to use JSON Web Tokens…
Steve Wilford
  • 8,894
  • 5
  • 42
  • 66
71
votes
2 answers

Does it make sense to store JWT in a database?

I've implemented a basic authentication system with Spring Boot, Spring Security, OAUTH2 and JWT as auth tokens. It works alright but I was thinking if it makes sense to store JWT in a database and check if a token exists every time someone makes an…
laurentius
  • 1,093
  • 1
  • 9
  • 20
71
votes
2 answers

CSRF protection with JSON Web Tokens

I read that when using JWT, there is no need to protect against CSRF attacks, for instance: "since you are not relying on cookies, you don't need to protect against cross site requests". However, something I do not understand: if I store the token…
JulienD
  • 7,102
  • 9
  • 50
  • 84