Collaborate Disseminate
I am working on an authentication system using JWT bearer tokens. Currently every single service our company provides has it’s own JWT sign key, but uses the same data structure for the token data. Currently a client logs into our system a… Continue reading Authenticating for multiple services with a single JWT token (Single sign-on)
I just recently discovered JWT to secure my live stream and have done successful token on server and player but I think it still can be stolen.
How I can use it to only have the domains I choose to be able to access the stream?
This is wha… Continue reading JWT to prevent others from using video in their iframes
I have a use case where I need a factory-reset tablet device to install and run a simple Progressive Web Application (PWA). The tablet will be mounted on a wall inside a company building that may host unaccompanied external visitors from t… Continue reading Protecting a PWA authentication token on a public kiosk device
I tried implementing my own JWT logic, because I thought it would have some benefits for my use-case. Later I realized, that using the official JWT implementation is easier to use and more secure. But I’m still curious if this would be a s… Continue reading Correct implementation of a JWT signee
I’m using React.js (with react-router for serving content) for frontend with a golang backend.
For the authentication I’m using JWT. But I’ve now stumbled upon a problem. How do I keep users from accessing some pages? I’ve no problem restr… Continue reading How to restrict pages on React.js using JWT?
Let’s say that my user signs in and the server responds with a refresh token saved in a cookie (SameSite strict, HttpOnly, CSRF token too) and with the access token in response (saved in JS memory).
I read these guidelines in a popular Has… Continue reading Is there a downside to sending a refresh token on every request to an API?
I’m looking to setup an integration between GitHub and Service Now and I can use OAuth2 using JWT Tokens, the steps to take can be found here.
There is a specific step that states:
Create a CA signed certificate using the GitHub App priva… Continue reading Implications of using a self-signed certificate to sign JWT tokens in OAuth
I am building an authentication service with python and flask and I use MongoDB to store user details.
When a user sends a request on an API that enforce the authentication service, I get the token from the request, check if the JWT is val… Continue reading JWT : Should I check if user exists before validating token?
I’m using JWTs as part of an URL in order to direct a user to a specific site. I could have just used a UUID, but it’s nice to have an expiry date in the link, as well as knowing whom the link is created for.
This has been working great, b… Continue reading Can a JWT be all lowercase?
I tried reading few articles, however I’m not able to understand the merit of POP over Bearer token. Bearer token if lost (during transit over the wire) can give the holder of the token same privileges as the genuine owner. POP token is su… Continue reading How is pop token more secure than bearer token?