Questions tagged [jwt]

1

votes
1

answer
375

Views

Which binaries should I go for JWT for java?

I am a novice to JWT token usage; while reading I came to know from jwt.io that there are six versions with different types of binaries available, as below. com.auth0 / java-jwt / 3.3.0 org.bitbucket.b_c / jose4j / 0.6.3 com.nimbusds / nimbus-jose-jwt / 5.7 io.jsonwebtoken / jjwt / 0.9.0 com.inv...
Abdul Gafoor
0

votes
0

answer
4

Views

Oauth good way to login hybrid/native app?

I'm working in a hybrid app for mobile and I have a problem about how I can do the login. I have read a lot about oauth2, spring security and jwt and I built a spring-boot project to try that. I used in that project oauth2 with password grant-type, where the user types password,username,clientid a...
cloudmanSoldier
1

votes
2

answer
629

Views

NextJS auth with an external server

I'm working with auth in Nextjs, I'm wondering what is the best strategy to handle authentication in NextJS? Here is my services structure: If I understand well I have to handle the server side rendering in NextJS, so I understand I have to put cookies from my external server to my NextJS client, th...
Webwoman
1

votes
2

answer
280

Views

How to extend the Spring Security's @Preauthorize with custom validating rule?

Spring Security provides some convenient method-control annotations: @PreAuthorize('hasRole('ADMIN')') @PreAuthorize('hasAuthority('ROLE_ADMIN')') @PreAuthorize('hasPermission('ADD')') I want to extend it with some custom method like @PreAuthorize('hasCompany('XX')') and its validation data should...
rellocs wood
1

votes
1

answer
336

Views

Where is safest to store Json Web Tokens JWTs in client side?

Hello stackoverflow community! We build an SPA app with nuxt.js framework and we arrived to the point which is the safest way to store a JWT token from our backend API service. We have two options cookies with httpOnly flag versus localStorage. I read a ton of articles about the comparison of this...
Vasileios
1

votes
1

answer
69

Views

Does spring security JWT implementation deal with alg:none attack? [closed]

JWT implementations might be exposed to different attacks, one of them is the 'alg:none' attack (see more details here). I'm using 'spring-security-jwt' dependency in my pom.xml file, and was not able to find out whether this implementation deals with the 'alg:none' attack. Is this attack mitigated...
omer
1

votes
1

answer
72

Views

Get user ID from JWT (JSON web token)

I am using the plugin to authenticate WordPress using api-rest : JWT Authentication for WP REST API From the request to the server I get the following answer: { 'token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczpcL1wvbWlob3N0Lm9yZ1wvcHJ1ZWJhcyIsImlhdCI6MTU1MzcyNDM4MSwibmJmIjoxNTUzNzI0...
Mario Burga
2

votes
0

answer
20

Views

How to fix 'http: named cookie not present' in golang?

I'm building a small dinner/plan management application (with the use of microservices) for a couple of people I know. The intention is that each person can login to their own account and can then authenticate to other services using a bearer token (JWT). This bearer token is stored in a cookie. How...
Abe Brandsma
0

votes
0

answer
6

Views

How do we pass authentication token in headless chrome in google puppeteer?

I want to pass authentication token(JWT) in puppeteer headers, for the pdf view with headless chrome in my application? We are using react as our front-end UI. And using puppeteer we are able to generate pdf, but the link to pdf we need to authorize using JWT How do we pass the jwt in headers, does...
uppu
1

votes
1

answer
2.4k

Views

User authentication with JWT in NodeJs with postgresQL?

I have been looking into user authentication with JWT in Node.js but everybody seems to be using mongoDB. I want to do the same thing with postgresQL and sequelize.js. Any resources or sample projects you guys know?
1

votes
2

answer
33

Views

laravel 5.5 not support jwt auth lib

I am new to Laravel and using JWT auth in Laravel 5.5.18, but it's not working for me; it gives an error in API login: Interface 'Tymon\JWTAuth\Contracts\JWTSubject' not found' Can anyone help me how to fix it? Thanks
Priyanka Sankhala
0

votes
1

answer
54

Views

.NET Core and JSON Web Tokens, still need Owin?

First time doing this in .net core, I've set up JWT auth / ASP Identity database using these tutorials, both of which are quite good: https://www.youtube.com/watch?v=yH4GhmTPf68 https://www.youtube.com/watch?v=vEU9SDmIvVY However, when I set this up a few years ago, I used OWin. I'm having trouble f...
AS2012
1

votes
0

answer
130

Views

Laravel - How can I authenticate users from cached user object in Laravel? (using JWT)

I'm using the Laravel Tymon package for JWT user authentication. I'm also caching every user object after a new user is created and saved in the database so that I can load the data faster on selects. The authenticate() method in the Tymon package takes the token as an input and uses the user model...
Ryan
1

votes
1

answer
763

Views

Laravel JWT Authentication without User Model

I'm trying to build a laravel application and API for mobile users in the same project. The main web is actually a backend of a website and require proper authentication that I have already implemented. And the api also need to authenticate but with different credentials (not user model from web). A...
AHSAN
1

votes
0

answer
67

Views

Spring - How to secure Server Sent Events

I want to use Spring's Server Sent Events to update specific parts in an Angular frontend. I want that only authorized users can subscribe to the Server Sent Events. That's not the problem but how can I check if the user is still authorized to retrieve the push messages after e.g. the session is exp...
meleagros
1

votes
0

answer
424

Views

JWT-Auth responds token_not_provided when i try to validate the token

As far as I know everything is proper in back end that is Laravel, because it's working well in Postman, but when I try to validate token from front-end (Angular 4) JWT-Auth throws error {'error':'token_not_provided'} This is how my request header looks like. POST /api/user HTTP/1.1 Accept:...
Suroor Ahmmad
1

votes
0

answer
622

Views

Session validation failed ZF3

In the mobile application, we are using API which is made using Zend Framework. Whenever a user tries to get the login to the app, they get authenticated using the JWT token. But sometimes Zf3 gives exceptions as: Service with name \'Zend\Authentication\AuthenticationService\' could not be created....
KishuDroid
1

votes
1

answer
386

Views

How to logout in laravel Multi Auth using JWT

I need help with this. I successfully set up multi auth in Laravel using JWT-Auth. In login functions I put these links and it works perfectly. Config::set('jwt.user', 'App\Models\User'); Config::set('auth.providers.users.model', \App\Models\User::class); But in Logout function I put same line but its...
Saiful Azam
1

votes
1

answer
246

Views

How to handle JWT Authentication with Spring when implementing a CQRS pattern?

Using the latest Spring Cloud and Spring Boot, I've got a micro services layout with a Zuul gateway. At the moment when a user sends a get request their JWT token gets added to the request and that goes off to the microservice where they're authenticated and things go as usual. This all works perfec...
Chris Turner
1

votes
0

answer
711

Views

How to add roles to Spring Boot security from a Zuul filter

I am developing a Spring Boot REST application that has a custom token authentication system. The token holds the roles for the user as claims. A Zuul proxy routes the traffic to multiple spring boot microservices and I would like to add a filter to the Zuul so that it extracts the roles from the to...
icordoba
1

votes
1

answer
101

Views

Jose4j: HttpsJwks thread safe?

Anyone know if HttpsJwks usage is thread safe? We got about 60 - 100 calls per second in an application where we are going to use HttpsJwks, but I don't see any locking when it comes to refreshing Jwks. Also, HttpsJwksVerificationKeyResolver directly calls refresh if it fails to find a key. Kind re...
Kenneth Gunnerud
1

votes
1

answer
878

Views

Laravel 5.5/Angular JWT logout

I have an issue with logging out using JWT package. On Angular side I am removing the token from local storage and calling Laravel API: logout(): void { this.cacheHandler.clearCache(); return this.http.get(environment.apiUrl + 'logout') .toPromise() .then(response => { const responseData = response....
Norgul
1

votes
1

answer
265

Views

Is it safer or unnecessary to encrypt a JWT with one key agreed upon by all programmers of a project?

I am currently working in an e-commerce project in which I am designing the Server-Side of an API (in PHP on Laravel 5.5) while my two colleagues are designing the Android and iOS apps which will get all their data from my side. The communication of sensitive and non-sensitive data will be done enti...
Frank.Lowell
1

votes
1

answer
115

Views

How to verify JWT?

I'm unsure of the examples in Google's documentation. How do I verify a JWT produced by Firebase, in a Google App engine flexible service? main.go: // ... func main () { InitializeAppWithServiceAccount() go lib.GetStockData() http.HandleFunc('/_ah/someendPoint', SomeHandler) } func InitializeAppWith...
cbll
1

votes
0

answer
630

Views

Use basic and jwt authentication in different routes with Adonis JS

I am developing an app with Adonis JS and I have a problem with authentication. I intend to use two authentication schemes for this app: basic and jwt. Set the authenticator field with jwt in the auth.js file 'use strict' module.exports = { /* |-------------------------------------------------------...
Ernesto Rojas
1

votes
0

answer
265

Views

How do I authenticate multiple guards in one channel in Laravel?

I'm building a real time application in Laravel with custom guards using JWT: person-api for Person and worker-api for Worker. They represent different models, not the same one with roles. A Person may request a certain Job and a Worker is able to accept that job. I have a dedicated table for each m...
Reque
1

votes
0

answer
245

Views

JWT.Refresh does not return a new token if Request fails for some reason

I have built an API with Laravel (5.3.30) and the package Dingo (1.0.0-beta8). For authentication I am using JWT-Auth (^0.5.12). JWT-Auth comes with a middleware to enable 'Token Refreshing' out of the box. Once you log in you get a token. When you use it to make a new request, the token is blackli...
Alan
1

votes
1

answer
71

Views

Identify in custom Web API with absolute certainty who is logged in to SharePoint

My user logs into SharePoint Online and is authenticated. I have a custom made Web API application which my client side calls. I would like to know with absolute certainty which user is calling my API. My idea so far is to find the JWT in the cookie in SharePoint (success) which states who is logged...
Harry.NET
1

votes
2

answer
310

Views

How do I view the data stored in a JWT? Using auth0 and express-jwt

Right now I believe I have most things setup correctly. Auth0 is saving the jwt to the client who is then using it for future requests. I use express-jwt to verify the token. From reading the Auth0 docs, I think I need the client secret (when I use that to decode the jwt I get an odd error: Unaut...
Shaun O' Neill
1

votes
1

answer
220

Views

Issue bearer token from IdentityServer4

Is it possible to generate manually bearer token and return it if user is logged in successfully? Here's my point of view: [HttpPost] [AllowAnonymous] [ValidateAntiForgeryToken] public async Task Login2(LoginViewModel model) { if (ModelState.IsValid) { var result = await _signInManager.PasswordSignI...
Cieja
1

votes
2

answer
697

Views

django rest api with jwt authentication is asking for csrf token

I am new to django rest api framework. I am using JWT token based authentication for the rest api with the following setting - REST_FRAMEWORK = { 'DEFAULT_AUTHENTICATION_CLASSES': ( 'rest_framework_jwt.authentication.JSONWebTokenAuthentication', 'rest_framework.authentication.TokenAuthentication',...
Bharath R S
1

votes
1

answer
330

Views

How to Verify AWS Cognito user on Server (running on nodeJS)

I am using AWS Cognito User Pools to signup & signin my users (client, iOS). My users make calls to endpoints on the server running on NodeJS (EC2 Instance). How can I authenticate my users on the server (NodeJS)? One way that I see is, to generate a JWT token on the client side and pass it to the...
kurrodu
1

votes
1

answer
482

Views

Asp.Net Core Azure AD V1.0 JWT Authentication Invalid Signature

I have to make an ASP.NET Core 2.0 Web API application which uses the resources of Microsoft Graph. I tried to make the app use JWT authentication with the following properties: Audience: 'CLIENT_ID'; Authority: 'https://login.microsoftonline.com/TENANT_ID' The idea here is that I have a SPA app whi...
Abraxas
1

votes
0

answer
303

Views

Distributed or Central Authorisation in Django Microservices

I'm building a Django rest framework based service which has some complicated permissions. So far, my microservices stack looks like this: /auth/ JWT authentication service /users/ - adding users, adding them to different services /new-service/ - needs authorization Users database is shared by auth...
Edward Williams
1

votes
2

answer
349

Views

Unable to validate signature of JWT token generated using .NetCore in a Java springboot application

We've generated a Bearer JWT token in .NET Core and have signed the token using the pfx of an X509 self signed certificate generated using Powershell. We need to verify the token signature in a Springboot Java application. To achieve this we have imported the pfx into a java keystore (jks) using the...
Deven Shirke
1

votes
0

answer
52

Views

Laravel Disable JWT Auth when using oauth/authorize for passport

I need to disable jwt auth when I try to do oauth/authorize that passport to do an authorization code grant. It needs to use the original oauth of laravel (I believe). I figure I could use the client_id in the request do something like this: if(request->client_id != null ){ // jwt Auth } But not sure...
LKirin
1

votes
0

answer
247

Views

CAS & spring-security-cas with stateless session

I'm currently working through a spring application which is using stateless session and JWT based mechanism for authentication & authorizations. A new requirement arrived: using CAS v4.0 SSO solution to replace the authentication system. I went through the CAS documentation and the spring security d...
R. G
1

votes
1

answer
1k

Views

How to build a framework in iOS for simulator and device (IPA)

I am trying to use a library (framework) into our iOS project (https://github.com/auth0/JWTDecode.swift). It provides a cocoapod interface to add/use the framework. But unfortunately in my project, we are not incorporated cocoapods and at this point it is not possible to integrate the cocoapods into...
user867662
1

votes
1

answer
362

Views

How should you save a jwk?

I hope this is not a naive question but how should you save a jwk when getting it from a .well-known/jwks.json domain. Currently I hard code the modulus and exponent but that doesn't seem to be a great solution. Adding it to a database seems pointless as it would be an unreasonable call because the...
test
1

votes
1

answer
144

Views

JWE and JWS, are they “stateless”?

Lately I have been reading some about JWT/JWS and JWE.. however.. one part I still don't get is that I'm quite sure that I somewhere have read that they all should be 'stateless', is this true? My take on this would be that JWS and JWE would require a shared secret between the 'acquirer' and the 'issu...
Inx51
