Questions tagged [jwt]

JSON Web Token (JWT, pronounced "jot") is a type of token-based authentication used in space-constrained environments such as HTTP Authorization headers. Use this tag for questions relating to the configuration, generation and usage of JWTs in your code.

JSON Web Token (JWT, pronounced "jot") is a token format for use in space-constrained environments such as HTTP authorization headers. It is defined in RFC 7519.

JWTs encode security "claims" as JSON objects, and the token can be signed and/or encrypted. JWT is used by the OpenID Connect authentication standard.

More information about JWT and libraries for different languages can be found on the official JWT site.

17340 questions

40 votes, 10 answers

How can I decode JWT token in android?

I have a jwt token like this eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ How can I decode this so that I can get the payload like this { …
aroM

40 votes, 2 answers

express-jwt vs. jsonwebtoken

I have a feeling this is going to be a quick answer, but I can't seem to find any great definitive answers on the web - what is the difference between the jsonwebtoken npm package and the express-jwt npm package? I think express-jwt is written on…
bobbyz

39 votes, 1 answer

How to set multiple audiences in Asp.Net Core 2.0 "AddJwtBearer" middleware?

I have an Asp.Net Core 2.0 WebApi which is authenticating against AAD: services.AddAuthentication(options => { options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(options => …
Skorunka František

39 votes, 2 answers

Where to store a JWT token?

I'm implementing a REST service that requires authentication. I am using JWT. Now the Android App sends a request when logging in, gets a token, and has to send the token in the header for every subsequent request. My question is, how to store the…
mbtamuli

39 votes, 3 answers

OAuth or JWT? Which one to use and why?

I am starting to learn about token based authentication and I am trying to learn how to implement it in Laravel 5. I have come across two very popular technologies for doing this but I am confused since I am new to both these technologies. This…
Rohan

38 votes, 4 answers

Unauthorized (Invalid Token) when authenticating with JWT Bearer Token after update to .NET 6

After updating the package Microsoft.AspNetCore.Authentication.JwtBearer from version 3.1.14 to 6.0.1, requests with authentication fail with 401 Unauthorized "invalid token". What needs to be changed with the new package version?
Mo B.

38 votes, 11 answers

Jwt Authentication error Argument 3 passed to Lcobucci\JWT\Signer\Hmac::doVerify()

I'm working on a project to learn Laravel, and I saw a couple of tutorials on using JWT auth in it. It was working well, but now it shows an error, not always, but I don't know why. This is it: Argument 3 passed to Lcobucci\JWT\Signer\Hmac::doVerify() must…
Esteban

38 votes, 6 answers

Always getting invalid signature in jwt.io

I always get invalid signature when I input the generated token in jwt.io. Here is my code for making the token: const secret = 'secret'; const token = jwt.sign({ username: user.username, userID: user._id }, secret, { expiresIn: "1hr" …
thegreathypocrite

38 votes, 4 answers

How to validate a JWT token

I'm trying to use JWT tokens. I managed to generate a valid JWTTokenString and validated it on the JWT debugger but I'm having an impossible time validating the token in .Net. Here's the code I have so far: class Program { static string key =…
Aterin

38 votes, 2 answers

Where to store a JWT token properly and safely in a web based application?

I'm familiar with Web Storage APIs and cookies but I can't figure what is the most secure way to store an authentication token. I'm wondering if this might break any third-party libraries. I'd like to have an exhaustive list of available methods to…
Alex

38 votes, 4 answers

How do I check for token expiration and logout user?

The user can log out himself when he/she clicks on the logout button, but if the token is expired he/she can't log out because in my application, the token is used in both server side and front end. When user clicks on the logout button, the token from…
Serenity

38 votes, 4 answers

How to verify a JWT using python PyJWT with public key

I've been struggling to get PyJWT 1.1.0 to verify a JWT with a public key. These keys are the defaults shipped with Keycloak. Most likely the problem is related to the creation of the secret key, but I haven't found any working examples for creating the…
Perttu T

37 votes, 10 answers

Bearer error - invalid_token - The signature key was not found

I have an Angular 7 application interfacing with a .Net Core 2.2 API back-end. This is interfacing with Azure Active Directory. On the Angular 7 side, it is authenticating properly with AAD and I am getting a valid JWT back as verified on…
Patrick

37 votes, 2 answers

Why and when should we use JSON Web Tokens?

I think that https://jwt.io/ does not explain very well why or when to use JWT. It explains other things that could be ok to consider but not critical to decide whether or not to use it or why it will be handy. My thoughts of why should we use JSON…
panox

37 votes, 7 answers

Get claims from a WebAPI Controller - JWT Token

I have built an application which uses JWT bearer authentication in ASP.NET Core. When authenticating I define some custom claims which I need to read in another WebAPI controller in order to execute some actions. Any ideas how can I achieve…
D.B