Server JWT Authentication Setup


Adding JWT support to the server. Signing a JSON object as a payload and sending the signed token to the browser on authentication.

Stefan
~ 10 years ago

I've read that the contents could easily be decoded and read and are only protected against manipulation.

You said that there's a specification on what should go in the payload. Got a link?

Kent C. Dodds (instructor)
~ 10 years ago

Yeah, check this: https://openid.net/specs/draft-jones-json-web-token-07.html

And you definitely don't want to put anything in the payload that is sensitive. Play around with http://jwt.io/ for a little bit and you can see that the information can be decoded regardless of the secret.

inlightmedia
~ 8 years ago

Do you know of any resources that might go through adding a secret to an environment variable? Thanks.