Questions tagged [jwt]

JWT stands for JSON Web Token. It is defined in RFC 7519: JSON Web Token (JWT).

As indicated in section 3 of the RFC, "JWTs represent a set of claims as a JSON object that is encoded in a JWS and/or JWE structure." The claims are name/value pairs where the name is a string and the value can be any JSON value. JWT is part of the framework that also contains JWS and JWE.

36 questions
3 votes, 1 answer

A way to get the public key of a RS256 JWT from its headers and payload?

I have an RS256 JWT, I'd like to find out its public key. Because I know the header, payload and I have the encrypted signature, is there a way to obtain the public key that made the signature from these elements?
hmngwn
0 votes, 1 answer

JWTs vs Capability Tokens

One of the primary advantages of JWTs is that they serve as capability tokens, allowing for a portable verification of capabilities/privileges. However, JWTs are often criticized for a number of weaknesses. What is the disadvantage of simply…
Prime
0 votes, 0 answers

Is it necessary to verify the access token signature in the context of a TLS connection with .well-known endpoint?

I'm developing a custom Authentication Socialite ADFS Provider using OpenID Connect: Authentication Flow. Since I have a TLS connection between the client App and the Authentication server that issues the token, what is the point of verifying the…
Ayden
0 votes, 1 answer

How to verify that a JWT was in fact generated by the claimed issuer (iss)?

JSON Web Tokens (JWTs) (RFC, introduction) are digitally signed using a secret key (which can be symmetric, but for distributed use cases will typically be asymmetric). The signature forms the third and final part of the JWT, and can be verified…
0 votes, 1 answer

What is the proper format/ notation for JSON Web Tokens?

A JSON Web Token is supposed to have the following format: token = encodeBase64(header) + '.' + encodeBase64(payload) + '.' + encodeBase64(signature) When I use the jsonwebtoken node.js function to create a token: jsonwebtoken.sign({username :…
Tom