You may read the “JOSE” keyword when searching the Internet for details on JSON web tokens. Well, you’re likely to find “JOSE” in references to the JWT specification and not in actionable tutorials. What is JOSE in combination with JWT? That’s a good question! JWT defines the token …

When starting out with JWT a shared secret is the simplest way to sign and verify tokens. While developing your application and progressing with the JWT usage, you’re arriving at JSON web keys and key sets. The previous tutorial shows how to use a JWKS API endpoint for authentication. …

Node.js ships with the for…of and for…in loops. These two loops provide a convenient iteration besides the common for loop. Both loops give you a clean syntax for iterations and quick access to keys or values. This tutorial explores both loops in more detail and shows you …

JWT authentication uses a secret to sign or encrypt the tokens. Using an asymmetric algorithm based on a public/private key pair comes with some benefits. One benefit is that you can share the public key with anyone on the Internet. Of course, you must keep your private key safe …

When using JSON web tokens in your application, it’s required to have at least a secret key. Using a secret key comes with a simple setup. The downside here, you must share the secret between the parties interacting with the JWT. Going one step further, you could create and …

The hapi Node.js framework ships with a built-in validation mechanism for request input. You can seamlessly define a request’s validation rules on your route. Starting your hapi server with a misconfigured validation leads to assertion errors. In this tutorial, you’ll walk through the steps to fix the …

A JSON Web Key (JWK) is an important piece in the JWT universe because it represents a cryptographic key using a JSON data structure. Each JWK is represented by key-value pairs, like a typical JavaScript object but in JSON format. Additionally, the JSON Web Key Set is a JSON object …