Server JWT Authentication Setup

4:03
Adding JWT support to the server. Signing a JSON object as a payload and sending the signed token to the browser on authentication.
egghead.io

Stefan

I've read that the contents could easily be decoded and read and are only protected against manipulation.

You said that there's a specification on what should go in the payload. Got a link?

Kent C.

Yeah, check this: https://openid.net/specs/draft-jones-json-web-token-07.html

And you definitely don't want to put anything in the payload that is sensitive. Play around with http://jwt.io/ for a little bit and you can see that the information can be decoded regardless of the secret.

In reply to Stefan
inlightmedia

Do you know of any resources that might go through adding a secret to an environment variable? Thanks.