Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
W
W
Wasya UK2018-04-13 13:23:51
JSON Web Token
Wasya UK, 2018-04-13 13:23:51

Should I use json web tokens?

In the process of learning, node encountered tokens. Is it worth doing application authentication based on them, because if you get a secret store, you can decrypt all passwords?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
Alexander Leonchik, 2018-04-13
@AlexanderMint

JWT is an opportunity to sign the "text" you need, give it to someone and check it (that it has not been changed) in the future when it comes back to you. Many projects use it, the flight is normal.
Passwords are not stored in it, as well as any private information, because any JWT can be viewed without a key.
And leaking a secret key is not a JWT problem, but your organization's.
PS encryption and JWT have little to do, and the key is just a signature, its leakage leads to the possibility of forging a token

Similar questions
K
keyotor2021-08-30 20:17:00
How to automatically renew access token jwt via refresh token? 1Reply
O
Orc2020-06-22 20:55:25
How to organize routing on the Flight microframework to process routes with a JWT token in the header? 0Reply
K
keyotor2021-09-18 17:27:48
How long to live for an authorization cookie? 0Reply
S
Safronov_Alexei2020-06-30 18:18:02
How to connect Django channels to SimpleJWT? 0Reply
N
Nube2018-08-04 16:02:44
How to remember user using JWT? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question