The recent tutorials in this JSON web token series walked you through the process of encrypted tokens. Creating an encrypted JSON web token has the benefit that nobody can access the content except the holder of the secret key or key pair. In the previous tutorial, you created an encrypted …

Implementing signatures and encryption for JSON web tokens can be complex due to the cryptographic handling. Up to this point in this tutorial series, you implemented both features on top of existing libraries. A downside of the previous tutorials: when introducing encrypted tokens, you removed the signature of a JWT. …

Most of the JWT tutorials in the Internet show you how to work with signed tokens. In the previous tutorial, you changed your code to create encrypted JWTs. This switch from signed to encrypted JWTs requires changes to your user authentication as well. This is what you’ll implement in …

We already touched the encryption aspect in the previous JWT tutorial on encrypting the JWT payload in “a simple way”. The linked tutorial showed you how to encrypt input data and put the encrypted data into the payload of a signed JWT. Here, you’ll create a fully encrypted JWT …

You may read the “JOSE” keyword when searching the Internet for details on JSON web tokens. Well, you’re likely to find “JOSE” in references to the JWT specification and not in actionable tutorials. What is JOSE in combination with JWT? That’s a good question! JWT defines the token …

When starting out with JWT a shared secret is the simplest way to sign and verify tokens. While developing your application and progressing with the JWT usage, you’re arriving at JSON web keys and key sets. The previous tutorial shows how to use a JWKS API endpoint for authentication. …

JWT authentication uses a secret to sign or encrypt the tokens. Using an asymmetric algorithm based on a public/private key pair comes with some benefits. One benefit is that you can share the public key with anyone on the Internet. Of course, you must keep your private key safe …