Questions tagged [jwt]

JSON Web Token (JWT, pronounced "jot") is a type of token-based authentication used in space-constrained environments such as HTTP Authorization headers. Use this tag for questions relating to the configuration, generation and usage of JWTs in your code.

JSON Web Token (JWT, pronounced "jot") is a token format for use in space-constrained environments such as HTTP authorization headers. It is defined in RFC 7519.

JWTs encode security "claims" as JSON objects, and the token can be signed and/or encrypted. JWT is used by the OpenID Connect authentication standard.

More information about JWT and libraries for different languages can be found on the official JWT site.

17340 questions
5
votes
2 answers

React - useEffect running even when there was no change in state variable

I have an endpoint in my kotlin app that looks like this: either.eager { val sessionAndCookieUser = commonAuth.decryptCookieGetUser(getCookie(context), ::userTransform).bind() val user =…
Leff
5
votes
4 answers

Where and how to store the access token and refresh token

I have a dotnet core 2.2 MVC web application which uses a web api to perform some database queries. I have implemented JWT token based authentication for web api. Tokens are generated at the api and the web application has received the access token,…
Reshma
5
votes
2 answers

Bind ASP.NET Core action parameter to JWT claim

It is possible to bind actions' parameters via: [FromBody] Request body [FromForm] Form data in the request body [FromHeader] Request header [FromQuery] Request query string parameter [FromRoute] Route data from the current…
lonix
5
votes
1 answer

jwt.verify() returns jwt expired when the expiration is 24h

I used jwt to create a token: const jwt = require('jsonwebtoken'); const token = jwt.sign({ filePath: "path/to/file" }, 'secretKey', { expiresIn: "24h" }); try { console.log(token) var decoded = jwt.verify(token, 'secretKey'); } catch(err) { …
Slim
5
votes
2 answers

How to pass custom extension attributes from Azure Active Directory in JWT token at login?

I have custom extension attributes in an Azure Active Directory (mapped via Azure AD Connect). The extension attributes on Azure AD take the form extension__. I want to expose several extension attributes to an application…
5
votes
3 answers

Stop Race Condition of Refresh Token?

I got a reactjs site and asp.net core backend and I am having a problem with refresh tokens. When someone logs into my site they are given an access token and refresh token (pretty standard). Now I set a timer that is shorter than the time of the…
chobo2
5
votes
2 answers

How are you supposed to store access tokens?

We are building an application with a React/Redux frontend and a NodeJS/Express Backend. I, not being a security expert, opted to go with Auth0 to handle Authentication. Auth0 returns an ID Token and an Access Token when a user logs in, this access…
Matt Weber
5
votes
1 answer

Firebase Auth verify JWT ID Tokens without SDK with NodeJS

Using NodeJS, how can I verify the JWT (idToken) provided by Firebase Auth, without Firebase Admin SDK?
anni
5
votes
1 answer

How to save JWT Token in Vuex with Nuxt Auth Module?

I am currently trying to convert a VueJS page to NuxtJS with VueJS. Unfortunately I have some problems with authenticating the user and I can't find a solution in Google. I only use Nuxt for the client. The API is completely separate in express and…
Jakob Kühne
5
votes
0 answers

invalid_token:Cannot convert access token to JSON

I get error while refreshing the token(grant_type=refresh_token). It seems that user did not use the application for long time and both access token as well as refresh token expired. When app now tried to refresh token, it gets the error { "error":…
Venky
5
votes
1 answer

How to expire the existing JWT token?

In my new company here is our OAuth flow User enters the username and password. Password service authenticates it and call to central Oauth service(developed internally). Oauth service generates some access_token(AT) and stores it in DB with…
user3198603
5
votes
5 answers

401 Unauthorized : WWW-Authenticate: Bearer

I've seen similar threads to this issue, but I had no luck solving it. LogIn worked successfully but when I try to GET data of the user loggedIn in my home page I receive this error 401 Unauthorized the same error is shown also in Postman My…
Souha Khemiri
5
votes
1 answer

ASP.NET Core 2.2 JWT Authentication

I've been learning about ASP.NET Core 2.2 recently and trying to develop a Role-Based login sample(Website + Web API) using JWT token. Definition is simple: if user's role is "admin" then it redirects to admin page. if user's role is "user" then…
vishwas-trivedi
5
votes
1 answer

Node js JWT to verify token using Google's public keys

I'm reading the https://developers.google.com/actions/identity/google-sign-in guide for the authentication flow. Now I need to access the user's profile information so I'm using the JWT library with the code: var decoded = jwt.verify(token,…
July
5
votes
1 answer

How to use AWS Cognito for unauthenticated users?

I'd like to use AWS Cognito (User Pools and Identity Pools) for managing access to my web app. This web app is a report generator. It generates reports from gathered sensors' data. The possible scope of requested data should vary between users. Some…
Defozo