1. 5
    Server JWT Authentication Setup
    4m 3s

Server JWT Authentication Setup

Kent C. Dodds
InstructorKent C. Dodds

Share this video with your friends

Send Tweet

Adding JWT support to the server. Signing a JSON object as a payload and sending the signed token to the browser on authentication.

Stefan
Stefan
~ 6 years ago

I've read that the contents could easily be decoded and read and are only protected against manipulation.

You said, that there's a specification on what should go in the payload. Got a link?

Kent C. Dodds
Kent C. Doddsinstructor
~ 6 years ago

Yeah, check this: https://openid.net/specs/draft-jones-json-web-token-07.html

And you definitely don't want to put anything in the payload that is sensitive. Play around with http://jwt.io/ for a little bit and you can see that the information can be decoded regardless of the secret.

inlightmedia
inlightmedia
~ 5 years ago

Do you know of any resources that might go through adding a secret to a environment variable? Thanks.