Questions tagged [jwt]

JSON Web Token (JWT, pronounced "jot") is a compact token format used for token-based authentication in space-constrained environments such as HTTP Authorization headers. Use this tag for questions about configuring, generating and using JWTs in your code.

JSON Web Token (JWT, pronounced "jot") is a token format for use in space-constrained environments such as HTTP authorization headers. It is defined in RFC 7519.

JWTs encode security "claims" as a JSON object, and the token can be signed and/or encrypted. JWT is used by the OpenID Connect authentication standard.

More information about JWT and libraries for different languages can be found on the official JWT site.

17340 questions
70 votes, 3 answers

ValidationError: "expiresInMinutes" is not allowed NodeJs JsonWebToken

I am using NodeJs with JsonWebtoken Module. I am facing this error when calling sign method of json web token ValidationError: "expiresInMinutes" is not allowed var jwt = require('jsonwebtoken'); exports.authenticate = function(req, res, next)…
Abdul Rehman Sayed
67 votes, 4 answers

What's the best way to save jwt tokens in flutter apps?

Not just where (eg: SQLite...) but also how (libs, best specific practices)?
zeucxb
67 votes, 3 answers

Difference between JWT and SAML?

What are the main differences between JWT (JSON Web Token) and SAML? Can you suggest any examples of these with Spring Security?
Jamsheer
63 votes, 4 answers

Is it more efficient to store the permissions of the user in a JWT claim or to check it on the server at every request?

JWT is a great way to make sure the data sent to the user and back is not tampered with, but that makes for some tough choices. At the moment I am in the dilemma of choosing between storing the authorization data in a JWT claim and only touch the…
Tom Stock
63 votes, 1 answer

Laravel Passport vs JWT vs Oauth2 vs Auth0

Confusion about API auth types in Laravel? I'm currently learning how to create an API in Laravel and I found myself in these confusing concepts. After a few days of research and practice, I could finally understand these concepts enough to make a…
ibitebyt3s
63 votes, 8 answers

socket.io-client how to set request header when making connection

I'm trying to set an HTTP header when the socket.io client makes the connection request. Is there a way to do this? Here is what I'm doing: // server side var io = socketio(server); io.use(function (socket, next) { // authorize using authorization…
Ziyu
62 votes, 6 answers

Handling expiry/"remember me" functionality with JWT

Conceptually, I really like JWT as it is in line with the statelessness of REST etc. (no state saved server-side, all relevant data is contained in the token). What I am unsure about: how would you handle token expiry when not connected (i.e., a…
arnuschky
61 votes, 4 answers

How to use Redux to refresh JWT token?

Our React Native Redux app uses JWT tokens for authentication. There are many actions that require such tokens and a lot of them are dispatched simultaneously e.g. when app loads. E.g. componentDidMount() { dispath(loadProfile()); …
lanan
61 votes, 3 answers

JSON Web Token (JWT) benefits over a database session token

With a database session token system I could have a user login with a username/password, the server could generate a token (a uuid for example) and store it in the database and return that token to the client. Every request from thereon would…
ajeetdl
60 votes, 4 answers

Service Applications and Google Analytics API V3: Server-to-server OAuth2 authentication?

I'm trying to make a server application to routinely pull Google Analytics data from my own GA account. Note, it is a personal, server-side application accessing my own data, i.e. there is no end-user accessing this application. As such, I…
moon prism power
60 votes, 3 answers

Usage of nbf in json web tokens

nbf: Defines the time before which the JWT MUST NOT be accepted for processing. I found this definition about nbf in JSON web tokens, but I am still wondering what the usage of nbf is. Why do we use this? Does it relate to security? Any idea…
Vahid Najafi
59 votes, 2 answers

How to store a JWT token inside an HTTP only cookie?

I have created an app that simply uses a JWT sent by the server upon correct login credentials, and authorizes against any /api route on my backend Express.js server. AngularJS, on the other hand, took this token, stored it in session storage, and…
user6823414
57 votes, 3 answers

Using JWT to implement Authentication on Asp.net web API

I have been reading about JWT. But from what I read it is not an authentication mechanism but more like a crucial component in an authentication mechanism. I have currently implemented a solution which works, but it was just to try out JWT and see…
Zapnologica
54 votes, 4 answers

JWT Private / Public Key Confusion

I'm trying to understand the logic of using JSON web tokens with private/public keys (RS512) when signing a payload of data sent from a client (in this case, a React Native App) to my server. I thought the whole point of private/public keys was to…
Marc
53 votes, 2 answers

Conflict between System.IdentityModel.Tokens and Microsoft.IdentityModel.Tokens

I have a conflict when using System.IdentityModel.Tokens: using System; using System.Configuration; using System.Data; using System.Data.SqlClient; using System.IdentityModel.Tokens; using System.IdentityModel.Tokens.Jwt; using System.Text; public…
Cooxkie