Questions tagged [jwt]

JSON Web Token (JWT, pronounced "jot") is a type of token-based authentication used in space-constrained environments such as HTTP Authorization headers. Use this tag for questions relating to the configuration, generation and usage of JWTs in your code.

JSON Web Token (JWT, pronounced "jot") is a token format for use in space-constrained environments such as HTTP authorization headers. It is defined in RFC 7519.

JWTs encode security "claims" as JSON objects, and the token can be signed and/or encrypted. JWT is used by the OpenID Connect authentication standard.

More information about JWT and libraries for different languages can be found on the official JWT site.

17340 questions
5
votes
1 answer

How to verify Kubernetes service account token (JWT)

I created a service account and created a Pod associated to this service account. Inside the Pod I have the service account token: …
E235
5
votes
3 answers

How to sign/encrypt JWT in C# with PEM key?

I need to create custom tokens that need to be signed using a key provided by Google. The key is provided as text, like -----BEGIN PRIVATE KEY-----\nMIIE.... I had this working by using BouncyCastle to read the PEM key and get the RSA keys, but now…
CheloXL
5
votes
2 answers

Should I get access-token from sessionStorage for each request?

So basically when I login my backend returns me a token so I store it like: // var token is global token = res.data.token; sessionStorage.setItem("token", token); And when I logout I just remove the items from sessionStorage and reset the…
user7056422
5
votes
1 answer

How to change tymon jwt authentication to use member model instead of user model in Laravel 5.6?

In my project I have users and members tables and eloquent models. I'm going to use jwt authentication in members table and I changed corresponding config files, but still it goes to User model. Here is config/auth.php : return…
Ever Adm
5
votes
1 answer

Issue with retrieval of the cert/secret for JWT authentication. (Node/Express/C#/IdentityServer)

I am having an issue with validating the JWT on the server side end of my node/express app. The token is being generated in Identity Server in an asp.net core app. The token that is generated is an RS256 token type, which means a private key and…
userlkjsflkdsvm
5
votes
1 answer

Why does JWT need to be sent as a Bearer Token header?

I am adding JWT Auth for a completely new frontend to a legacy Rails backend. Upon HTTP request, it seems most sources suggest I send the token back to the server via Bearer Header. Why? What is the additional value of sending via header (bearer or…
Kobi
5
votes
2 answers

How to prevent refreshing a stolen access token

The scenario is: you have a refresh token that is valid for a longer period of time and an access token that is valid for a shorter period of time. The setup: There is a client, application server and authentication server. The client stores the…
Arthur
5
votes
1 answer

Error Creating JWT Token using RSA Security Key with key size less than 2048

I'm facing an exception when trying to create a JWT token in C# Web API application. Test environment Platform: Windows 10 x64 with .net framework: 4.6.1 jwt NuGet package: System.IdentityModel.Tokens.Jwt version: 4.0.2.206221351 Here is the code…
5
votes
2 answers

Where to validate nonce in OAuth 2.0 Implicit Flow?

I have the following architecture. Where: Client - is a single page JavaScript application. Authorisation server - is Azure AD. Resource server - is an Azure App Service using Azure AD authentication. All communications are secured using HTTPS. I…
5
votes
2 answers

Class cast exception in JWT

I am creating a token string using JwtBuilder. But while extracting a value using a key, it is giving ClassCastException. For better understanding, code snippets are provided below: Token creation: private JwtBuilder getJwtBuilder( String…
Niloy Datta
5
votes
1 answer

Large cookie causing slowness issue in application

We have our production infrastructure in AWS. The servers are located in Ireland (eu-west-1) and our customer base is in UAE and Saudi Arabia. Our application is PHP based (Symfony + Yii). Recently, we deployed the JWT token functionality and we…
littleibex
5
votes
2 answers

How to implement refresh token in Spring Boot

I have followed this guide https://auth0.com/blog/implementing-jwt-authentication-on-spring-boot/ to implement access tokens in my web application and it is working fine. However, this guide does not mention anything about refresh token. Can anyone…
odke
5
votes
2 answers

How Jwt token really works in a login system?

I am struggling for a stable answer for this question and not getting any. My doubts are do we need to store the user name and password in the token and if yes then how that i.e. where this data are getting stored in the payload part is it in the…
Aniketh Saha
5
votes
2 answers

Using flask-jwt-extended callbacks with flask-restful and create_app

I'm trying to create API tokens for my flask API with flask-jwt-extended. I'm trying to initialize the token_in_blacklist_loader but can't figure out the right way to do that. The problem is that token_in_blacklist_loader is implemented as a…
Daniel Kats
5
votes
1 answer

Spring security JWT refresh token not expiring

I am new to Spring and I'm working on Spring Boot REST with Spring Security and currently I implemented JWT token. I have some questions but can't seem to find an answer to them. I tried adding a refresh token. At first I thought I will store it in…
Eivyses