Server JWT Authentication Setup (lesson 5, 4m 3s)

Instructor: Kent C. Dodds


Adding JWT support to the server: signing a JSON object as the payload and sending the signed token to the browser on authentication.

Stefan
~ 10 years ago

I've read that the contents could easily be decoded and read and are only protected against manipulation.

You said that there's a specification on what should go in the payload. Got a link?

Kent C. Dodds (instructor)
~ 10 years ago

Yeah, check this: https://openid.net/specs/draft-jones-json-web-token-07.html

And you definitely don't want to put anything in the payload that is sensitive. Play around with http://jwt.io/ for a little bit and you can see that the information can be decoded regardless of the secret.

inlightmedia
~ 9 years ago

Do you know of any resources that might go through adding a secret to an environment variable? Thanks.