learn hapi — Create a JWK from a Shared Secret

When starting out with JWT a shared secret is the simplest way to sign and verify tokens. While developing your application and progressing with the JWT usage, you’re arriving at JSON web keys and key sets.

The previous tutorial shows how to use a JWKS API endpoint for authentication.

Up to this point, the missing piece is how to create a JWK from a shared secret.

Well, there’s the crux: it’s dangerous and typically recommended to avoid to use a JWK created from a shared secret.

This tutorial explains why you should avoid shared secrets when using a JWKS API endpoint for JWT verification. Nonetheless, the tutorial shows you how to create a JWK from a shared secret, but for security reasons, we recommend to not use it.

hapi Series Overview

Continue reading

University Enrollment Required

Future Students benefit from value packed videos and tutorials.

Enroll to receive exclusive content or sign in if you’re already a Future Student.

Enroll me for $15/mo

Explore the Library

Find interesting tutorials and solutions for your problems.