JavaScript
Vimana, 2018-10-20 15:24:48

How does jwt decode work?

Hello! I use the JavaScript library jsonwebtoken and sign the token with a secret word like this: jwt.sign(data, secret);
Everything is OK, but if I put the token in the decode function, jwt.decode(token); then it decrypts it easily. How does this happen if I didn't pass the secret? The concept of such tokens is not entirely clear to me if it is so easy to read their contents without knowing the secret. Please tell me how it works.


1 answer(s)
Maxim Babichev, 2018-10-20
@Vimana

The token is stored in the clear; it's just base64.
The secret is used to get the signature of the data so that no one can change it.
The token looks like this: {header}.{payload}.{hash}, separated by a dot.
header
payload
hash

let content = base64UrlEncode(header) + "." + base64UrlEncode(payload);
let hash = HMACSHA256(content, secret);

And also visit the resource https://jwt.io/
P.S. If you need to encrypt data, use JWS instead of JWT.
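
What the answer describes, as an added example that is not part of the original answer and does not use the jsonwebtoken library: with Node's built-in crypto module, the payload can be read without the secret, while an edited payload fails the HMAC check. The function names, secret and payload values are constructed for illustration.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

const b64url = (value) => Buffer.from(value).toString("base64url");
const fromB64url = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Build header.payload.signature as in the answer's pseudocode (HS256).
function sign(payload, secret) {
  const header = { alg: "HS256", typ: "JWT" };
  const content = b64url(JSON.stringify(header)) + "." + b64url(JSON.stringify(payload));
  const signature = createHmac("sha256", secret).update(content).digest("base64url");
  return content + "." + signature;
}

// Reading the payload needs no secret: it is base64url-encoded JSON, not ciphertext.
function decodeUnverified(token) {
  return fromB64url(token.split(".")[1]);
}

// Recompute the HMAC with the secret and compare in constant time.
// Returns the payload when the signature matches, otherwise null.
function verify(token, secret) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  let header;
  try { header = fromB64url(parts[0]); } catch { return null; }
  if (!header || header.alg !== "HS256") return null; // accept only the algorithm we sign with
  const expected = createHmac("sha256", secret).update(parts[0] + "." + parts[1]).digest();
  const given = Buffer.from(parts[2], "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  return fromB64url(parts[1]);
}

// Replace the payload but keep the old signature, as someone without the secret would.
function tamper(token, newPayload) {
  const [h, , s] = token.split(".");
  return [h, b64url(JSON.stringify(newPayload)), s].join(".");
}

// Constructed sample values.
const SECRET = "constructed-demo-secret";
const token = sign({ user: "vimana", role: "user" }, SECRET);
const forged = tamper(token, { user: "vimana", role: "admin" });

console.log(decodeUnverified(forged)); // readable without the secret, edit included
console.log(verify(token, SECRET));    // original payload
console.log(verify(forged, SECRET));   // null
```

In jsonwebtoken, the call that performs this signature check is jwt.verify(token, secret); jwt.decode(token) only reads the payload and must not be used to make trust decisions.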
