When using JSON web tokens in your application, it’s required to have at least a secret key. Using a secret key comes with a simple setup. The downside here, you must share the secret between the parties interacting with the JWT. Going one step further, you could create and …

The hapi Node.js framework ships with a built-in validation mechanism for request input. You can seamlessly define a request’s validation rules on your route. Starting your hapi server with a misconfigured validation leads to assertion errors. In this tutorial, you’ll walk through the steps to fix the …

A JSON Web Key (JWK) is an important piece in the JWT universe because it represents a cryptographic key using a JSON data structure. Each JWK is represented by key-value pairs, like a typical JavaScript object but in JSON format. Additionally, the JSON Web Key Set is a JSON object …

All the previous tutorials in this series on JSON web tokens used a secret or private key in combination with a signing algorithm to create a token’s signature. But in contrast, the JWT specification also allows unsigned tokens. This supports use cases where a token’s content is secured …

JSON web tokens (JWT) are widely accepted on the Internet. You’ll find countless tutorials using JWT authentication. Most of them showing how to sign a JWT using an HMAC-based algorithm which is a quick way to get started. We both know that the copied code from a tutorial is …

All the previous JWT tutorials use a cryptographic signing to verify the token’s validity. Created tokens didn’t use any payload encryption. In case an attacker has access to a user’s JWT, they can seamlessly read the token payload. Verifying JWTs ensures that the requesting user sends a …

Starting out with JSON Web Token (JWT) is pretty straightforward. Typically, you’ll create a JWT with a secret key and verify it using the same secret. In cryptography, this is a symmetric signature. Most of the tutorials on the Internet use symmetric algorithms because it’s a simple way …