A JSON Web Key (JWK) is an important piece in the JWT universe because it represents a cryptographic key using a JSON data structure. Each JWK is represented by key-value pairs, like a typical JavaScript object but in JSON format. Additionally, the JSON Web Key Set is a JSON object …

All the previous tutorials in this series on JSON web tokens used a secret or private key in combination with a signing algorithm to create a token’s signature. But in contrast, the JWT specification also allows unsigned tokens. This supports use cases where a token’s content is secured …

JSON web tokens (JWT) are widely accepted on the Internet. You’ll find countless tutorials using JWT authentication. Most of them showing how to sign a JWT using an HMAC-based algorithm which is a quick way to get started. We both know that the copied code from a tutorial is …

All the previous JWT tutorials use a cryptographic signing to verify the token’s validity. Created tokens didn’t use any payload encryption. In case an attacker has access to a user’s JWT, they can seamlessly read the token payload. Verifying JWTs ensures that the requesting user sends a …

Starting out with JSON Web Token (JWT) is pretty straightforward. Typically, you’ll create a JWT with a secret key and verify it using the same secret. In cryptography, this is a symmetric signature. Most of the tutorials on the Internet use symmetric algorithms because it’s a simple way …

You’re automatically using claims when using JWTs in your application. JWT Claims are an important piece in the JSON web token specification. Claims represent the data you’re storing inside the JWT. A JWT claim set is the JWT payload consisting of more than one key-value-pair. Imagine a JWT …

We ran into limitations with a third-party library providing the authentication schemes to authenticate requests with a refresh token. The problem: the used package happens to support the needed functionality, it’s not created with the intent to support it. In this tutorial, you’ll replace this package with your …

Security is a high-priority concern in every application. You should always look out for vulnerabilities in used libraries and your infrastructure. The same holds true for JWT because the token signing contains a hashing or encryption part. In this tutorial, you’ll learn how to switch the JWT signing algorithm, …