You’re automatically using claims when using JWTs in your application. JWT Claims are an important piece in the JSON web token specification. Claims represent the data you’re storing inside the JWT. A JWT claim set is the JWT payload consisting of more than one key-value-pair. Imagine a JWT …

We ran into limitations with a third-party library providing the authentication schemes to authenticate requests with a refresh token. The problem: the used package happens to support the needed functionality, it’s not created with the intent to support it. In this tutorial, you’ll replace this package with your …

Security is a high-priority concern in every application. You should always look out for vulnerabilities in used libraries and your infrastructure. The same holds true for JWT because the token signing contains a hashing or encryption part. In this tutorial, you’ll learn how to switch the JWT signing algorithm, …

The previous tutorials on basic JWT logout and immediate JWT logout focused on the functionality to invalidate tokens. They didn’t focus on project architecture, clean code, or where to apply actions. That’s what you’ll change in this tutorial: refactor your code to find a better place to …

The first tutorial on JWT logout shows you a basic logout when using JSON web token (JWT). The downside of this logout is that users can authenticate requests for the remaining JWT lifetime. Only the refresh token is revoked. In contrast to the first tutorial, you’ll now implement a …

Authenticating users in web applications or APIs has different approaches. Invalidating a user’s server-side session or an authentication-related cookie is in your full control. With JSON web tokens (JWTs), you need to extend your platform with a custom logout handling ensuring to invalidate an active JWT. Because there’s …

JSON Web Token (JWT) authentication comes with a trade-off: the created token lives on client side. You don’t need to store a token in your server-side database to make JWT authentication work in your application. This is —simultaneously— the largest benefit of JWT: your server can trust a verified …

JSON web tokens (JWT) are a convenient way to authenticate users on your platform. The simplest version of handling JWT authentication looks like this: creating a token by signing it with a secret key that is only known to your application. Once created, you send off the compact form of …