Questions tagged [jwt]

JSON Web Token (JWT, pronounced "jot") is an emerging type of token-based authentication used in space-constrained environments such as HTTP Authorization headers.

0
votes
0 answers
7 views

Mobile app/API security: will a hardcoded access key suffice?

I'm building a mobile app which allows users to find stores and discounts near their location. The mobile app gets that information from the server via a REST API, and I obviously want to protect ...
0
votes
0 answers
10 views

how to get jhipster jwt private key?

I am creating multiple microservice applications with jhipster. I am using UAA server for authentication and tasks related to users. I need to manipulate the JWT that jhipster creates and add a few ...
0
votes
0 answers
12 views

How to restrict a user to THEIR resources using JWT when there is no identity in the Access Token?

We have a REST resource like this: /customer/{customerId}/bill We want to use the JWT tokens returned from AWS Cognito to secure access to this resource. The {customerId} here is not the Cognito ...
0
votes
0 answers
5 views

Does Facebook use sessions or access tokens for their web application?

I'm honestly curious if Facebook uses Sessions or Tokens after authentication? I looked this up on Google and no one had an answer. Sorry for this unimportant question. But I'd really like to know. ...
0
votes
0 answers
20 views

Angular login post Function Doesn't catch request, but works fine with Postman

Even when the credentials email and password are correct, index_post method's invalid condition only works. From my investigation I think in Angular api.Services.ts loginUser() not passing object 'user'...
0
votes
0 answers
13 views

How to get non-expired WordPress jwt token from Postman to set on Flutter ecommerce config file?

I have e-commerce Flutter application, backend is WordPress, API communication, so every time get product info from WordPress will need bearer token that I store on config file, I request once ...
0
votes
1 answer
11 views

Vertx JWKS/JWT verification throws a 500 with no errors logged

I have a very basic Vertx demo I'm trying to create that fetches a JWK from an endpoint and creates an RSAPublicKey for verifying a JWT signature: package example; import com.auth0.jwk.JwkException; ...
0
votes
0 answers
18 views

How to use social login to access my own resource server protected by signed JWT

I have created a very simple resource server, which is protected by a signed JWT token. My Resource server contains one simple endpoint. Is it possible to create a separate project that will use ...
1
vote
1 answer
37 views

JWT “self” authentication in Net Core 2.2 MVC WebApi

I want to improve my API's security with some sort of "self" policy to validate the call to some user actions (like DELETE user) is made by the same user the token was issued to. Is there a way to do ...
0
votes
0 answers
19 views

How do you store the access token in your browser for the next api access point in node.js?

I'd like to know how I can use the access token I got to access the next api end point protected by auth. To be more specific, how can I use that Authorization bearer thing to store token in my ...
0
votes
1 answer
23 views

Quarkus MicroProfile JWT auth via JWKS

I'm attempting to use a JWKS endpoint to supply a public key for verifying a JWT signature. In my application.properties, I've set the following: mp.jwt.verify.publickey.location = http://localhost:...
0
votes
2 answers
24 views

How to keep a user logged in after page refresh

I have a simple web application that a user can create an account and login ... whenever a user logs in I am generating a json-web-token for him and storing it on his database object ... I'm using that ...
1
vote
0 answers
10 views

UnauthorizedError: jwt malformed error when authenticating

I'm using Auth0 for authenticating users for my React application. I have been trying to access resources on server side but I keep getting UnauthorizedError: jwt malformed as an Error. I’ve followed a ...
1
vote
1 answer
13 views

user log in while forgot password process begun, let him in?

I'm in the middle of implementing "forgot password". my auth is via jwt access token. (user log in, gets an access token, sends it with the rest api calls). so let's say the user which currently isn'...
0
votes
0 answers
34 views

iOS Keychain data getting lost on app upgrade [on hold]

I am using Simple Keychain wrapper. Storing JWT token in keychain using - A0SimpleKeychain().setString(token, forKey:"user-jwt") And using the following to retrieve it back - A0SimpleKeychain()....
0
votes
0 answers
9 views

How to have different user 'types' (e.g. Customer, ProductReviewer) with Rails API (using Knock jwt)

I'm using Knock with my Rails API app for jwt authentication. I have 3 types of users. 1) Admin - I'm using ActiveAdmin and admin is set up using devise (and is working fine) 2) User - this is my ...
0
votes
0 answers
17 views

What is the issue that is causing Payload Error in JWT using Django

I want to authorise an API using login token using JWT but when I run the code it gives me invalid payload error. I have already added necessary modules that needed to be added. This is for a project ...
0
votes
1 answer
60 views

API Platform authorization vs authentication

I'm developing an API using API Platform and I'm struggling with how I can secure the API. My frontend application (a blog site) has content that doesn't require a user to log in to see (public content)...
0
votes
0 answers
22 views

Should I store JWT in redis?

I want to have a feature which shows user's current sessions (All devices the user has logged in) in my apps (React web app and Android App) so that they can terminate other sessions or I can log them ...
1
vote
1 answer
41 views

.Net core JWT Custom Expired Token Response

I have configured my web API to work with JWT and one time refresh tokens. However I would like to modify the standard JWT middleware to respond back to my clients who have expired tokens with HTTP ...
1
vote
1 answer
33 views

How to use JWT with WebSocketChannel in Flutter

I have an existing Websocket Channel which needs to authenticate the user by his JWT in order to send/receive messages using this socket connection. The problem is - I don't know how to send my access token ...
1
vote
0 answers
14 views

Getting NetworkError when setup apollo-client headers

I'm setting up token authentication in apollo-client with react-native, but my app shows NetworkError. It works fine if I remove all authentication settings. Error screenshot This is for a local ...
0
votes
0 answers
18 views

Security - CSRF Prevention Useless Without XSS Prevention?

I'm developing a serverless application on AWS and a static frontend using Svelte.js with Sapper. For user management I'm using AWS Cognito User Pools. Cognito returns JWT tokens when performing auth ...
1
vote
1 answer
69 views

Django REST Framework requires hashed password to login

Django requires me to send a hashed password to get my JWT token. When I send the following request via postman I get a "CustomUser matching query does not exist" error. { "user": { "email"...
0
votes
0 answers
22 views

Public REST API Authentication and Authorization using AWS Cognito

I'm developing a REST API that will be accessed by customers, and I'd like to use AWS Cognito to handle authentication and authorization. However, I want to abstract AWS Cognito from my customers, so ...
0
votes
1 answer
56 views

How to fetch Azure ID Token to use for authorization within webapi?

We are about to run D365 CRM in Azure and now we are trying to find out how to authorize a call to our onprem api. The scenario is simplified like; A user is saving an annotation in D365 CRM and when ...
0
votes
0 answers
28 views

Looking for light weight Android JWT library [on hold]

Looking for JWT library for Android which is less than 100 KB and with no additional dependencies. The options available from Nimbus, Auth0 are more than 300 KB in size. It would be good if someone ...
0
votes
0 answers
24 views

Unable to access authorization headers from HTTP response [duplicate]

I have the following piece of code authenticate(username: string, password: string) { this.callAuthenticationEndpoint(username, password).subscribe(resp => { console.log(resp.headers) ...
0
votes
1 answer
25 views

How to make a correct password encryption in django users?

I would like to learn how to use JSON web-token authorization in Django. I am a newbie in Django, so I found several tutorials and followed them EXACTLY step by step. I have user model in my app: ...
0
votes
1 answer
17 views

Is it possible to eliminate private key attack vector when using JWTs for authentication?

I envision the following authentication scheme with JWT: client authenticates against a /login API endpoint with { userName, password } server verifies userName+password against the stored hashed ...
0
votes
1 answer
29 views

How can I access JwtBearer authentication handler configuration in a controller action?

I have an ASP.NET Core web application configured to use JWT bearer tokens for authentication: // Setup.cs // ... public void ConfigureServices(IServiceCollection services) { services ....
0
votes
0 answers
34 views

How to create jwt without typ in header? [on hold]

I'm trying to generate a token using PyJWT but without '"typ": "JWT"' in header cause that will change signature import jwt private_key = open('p-key').read() payload = {"userid": 123} token = jwt....
0
votes
0 answers
20 views

Login using spring boot angular 7 cookies

In a personal project, I create a website. The back is in Java with the use of Spring and the front is in Angular. I arrive at the fateful moment where I have to manage the creation of the users as ...
0
votes
1 answer
16 views

Keycloak impersonation API not implemented

I've been trying to use the Keycloak Impersonation API (semi-recent addition) to get an access token for another user. I have created a semi-successful CURL request based on the docs and another ...
0
votes
1 answer
33 views

JWT C# Token - How to handle or set unlimited expiry time

As I am planning to have OAuth or OWIN JWT Bearer token for my authentication, I have following requirements for which I don't know the solution or grant type to suggest. I would appreciate a small ...
0
votes
1 answer
65 views

Use the same URL to login and retrieve data

I'm implementing Spring Security on the REST API that we are developing. My product manager told us to use the same URL to return data and to log in. This URL is a POST and it expects JSON. I can't ...
0
votes
1 answer
62 views

AspNetCore rejects preflight messages

We have a HttpSys listener which should accept authentication as either NTLM, Negotiate or JWT. Problem is that it looks like HttpSys rejects both preflight messages and messages with Bearer token (...
-2
votes
0 answers
51 views

How to implement JSON Signature [closed]

I have an MVC website with Web API, where I issue JWTs. I want to sign these JSON tokens using a public key signature etc. so wanted some guidance or suggestive links to implement the same, to ...
0
votes
1 answer
37 views

Getting JWT token in ReactJS after redirecting to the Facebook callback link in the ExpressJS api

I would like to have your proper opinions about my following situation: Server-side: I have a backend API implemented using Express JS on NodeJS. The authentication system is based on JWT token-based ...
1
vote
1 answer
124 views

How do I add a Bearer Token to the header of a HTTP request?

I am having trouble figuring out how to set authorization headers with authorization as the key and a bearer token as the value. I have completed a web API with authentication built into it. I have ...
1
vote
1 answer
46 views

What is encoded in refresh token

As far as I know the auth token consists of JSON header, payload and signature encoded in base64. But what is encoded in a refresh token?
0
votes
0 answers
40 views

Vue.JS authenticate SPA using Laravel 5.8 API on different domains

I'm working on a SPA having 2 different domains: www.domain.org for frontend (vue.js) and api.domain.org (Laravel 5.8) for backend. For auth I use JWT (with tymon/jwt-auth) having on frontend this: ...
0
votes
0 answers
30 views

ERROR MESSAGE: Gateway error: There is no JWT token in the request (PHP - CURL) [closed]

I'm trying to do a GET request in an API. I'm using the cURL method, putting the token in the header of the request. Do you know why I'm still getting this error message? I hope my English is clear ...
0
votes
1 answer
18 views

Check JWT exp field by comparing longs

I want to check if my JWT token is still valid (exp is still in the future) but I am not sure I did it the right way. My checking function - public boolean checkForValidExpField(String jwtToken) ...
0
votes
0 answers
17 views

Authorize Attribute not working with JWT Access Token in ASP.Net Core

Trying to set up JWT with ASP.NET Core app and somehow when I use the [Authorize] attribute on the method it shows Bearer error="invalid_token" Not sure what I am missing here. AppSettings: "Jwt": { ...
0
votes
0 answers
47 views

What is the best way of using token in react? [closed]

I'm logging in to a REST api and receive a token, I save it to local storage, but the question is: every time I want to use it, do I read it from local storage, or should I add it to the state and ...
0
votes
1 answer
18 views

Using optionally authorized routes with passport and express

I would like to make some currently authenticated routes to be optionally authenticated. So that on my routes I could just simply add a public middleware to my router in the following manner: .get('/...
0
votes
1 answer
27 views

Problem getting a security token when using Json Web Token in a web API

I am unable to get a security token when providing the web API with the proper validations. I have already made a working web API. I am now adding a j.w.t authorization to get into the data. I have ...
0
votes
0 answers
15 views

How to pass token to backend APIs in API-Umbrella

We have implemented Micro-Service Architecture for our API development and I am using API Umbrella as the gateway for all the micro-services. All the APIs in the micro-service are using JWT token ...
-1
votes
0 answers
22 views

get JWT with require.js instead of require() in Google Sites [duplicate]

I need to embed a JS code with this line in Google Sites: <script> var jwt = require("jsonwebtoken"); </script> However, I get Uncaught ReferenceError: require is not defined I think ...