Questions tagged [jwt]

JSON Web Token (JWT, pronounced "jot") is a type of token-based authentication used in space-constrained environments such as HTTP Authorization headers. Use this tag for questions relating to the configuration, generation and usage of JWTs in your code.

JSON Web Token (JWT, pronounced "jot") is a token format for use in space-constrained environments such as HTTP authorization headers. It is defined in RFC 7519.

JWTs encode security "claims" as JSON objects, and the token can be signed and/or encrypted. JWT is used by the OpenID Connect authentication standard.

More information about JWT and libraries for different languages can be found on the official JWT site.

17340 questions
46
votes
3 answers

Understanding RSA signing for JWT

I'm implementing a sign in system with the help of the JWT (JSON Web Token) scheme. Basically, after a user signs in / logs in, the server signs a JWT and passes it to the client. The client then returns the token with each request and the server…
Liran Cohen
46
votes
1 answer

IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier

What might the reason be that I get the exception below when trying to validate a token? TokenValidationParameters validationParameters = new TokenValidationParameters(); validationParameters.ValidIssuers = new List() {…
Robert
45
votes
1 answer

JWT: What's a good secret key, and how to store it in a Node.js/Express app?

Firstly, what's a good method of generating a secret key? I should punch in a lot of random keys on my keyboard to generate one, but there must be a better solution to this. Explain the way to generate a very good key. Second, what's a good way to…
Sam
44
votes
3 answers

JWT Token strategy for frontend and backend

I'm writing an application with a front end in emberjs and backend/server-side in a nodejs server. I have emberjs configured so that a user can login/signup with a 3rd party OAuth (Google, Twitter, Facebook). I have a backend written in express…
ed1t
43
votes
1 answer

Verify a signature in JWT.IO

I have generated the following token and am trying to verify the signature with http://jwt.io. I have also attached the contents of my jwks endpoint that should have all the details I need to verify. So my question is: how do I get this to say…
Jeremy Gray
42
votes
3 answers

Authenticating the request header with Express

I want to verify that all our get requests have a specific token in their authentication header. I can add this to our get endpoints: app.get('/events/country', function(req, res) { if (!req.headers.authorization) { return res.json({ error:…
kambi
42
votes
5 answers

How to decode a JWT token in Go?

I am currently working on a Go application. I receive a JWT token from the client side and I need to decode that token and obtain the relevant information: user, name, etc. I was checking the libraries that are available to handle JWT tokens and I…
Sredny M Casanova
42
votes
5 answers

The audience is invalid error

I have 3 projects: 1- Javascript SPA, 2- Web API Project, 3- IdentityServer with EF Core. I started debugging API and Identity Server and successfully get the jwt token but, when I try to get value from API method which has Authorize Attribute I get an…
Okan Aslankan
42
votes
3 answers

Should I store JWT tokens in redis?

I'm building an application with ExpressJS, MongoDB (Mongoose). Application contains routes where user has to be authenticated before accessing it. Currently I have written an express middleware to do the same. Here with the help of JWT token I'm…
manish keer
42
votes
1 answer

How safe is JWT?

I am learning about JWT for the security of my project, but I have a question. If I receive the token correctly after I did the login, but someone else (hacker) in other place steals this specific token, can he access my session? The server that…
in3pi2
41
votes
6 answers

Web api core returns 404 when adding Authorize attribute

I am new to .net core, and I am trying to create web api core which implements jwt for authentication and authorization purposes. Inside Startup class I configured it this way: public class Startup { public Startup(IConfiguration configuration) …
Simple Code
41
votes
3 answers

How do I store JWT and send them with every request using react

So happy right now because I got my basic registration/authentication system going on. So basically I got this: app.post('/login', function(req,res) { Users.findOne({ email: req.body.email }, function(err, user) { if(err) throw err; if(!user) { …
MaieonBrix
41
votes
1 answer

Where to store user id in jwt

I am generating a jwt for an api token. I am putting the user id into that jwt so I know who is calling into the api. Where do I put the user id in the jwt? I have seen many different examples that put it in 'sub', 'aud' and even 'iss'. Which is…
lostintranslation
40
votes
3 answers

Authentication between microservice approach

I am currently building an API based around a microservices architecture. I am using JWT to authenticate users. I understand that when a user sends a login request a JWT containing the user's identity and their roles/permissions etc is returned. This…
mwild
40
votes
11 answers

How to sign a JWT using RS256 with RSA private key

I am using the jose-jwt library and want to create a signed JWT in C# using the RS256 algorithm for encryption. I have no experience with cryptography, so please excuse my ignorance. I see the following example in the docs: var payload = new…
FullStack