Questions tagged [jwt]
JSON Web Tokens are an open, industry-standard (RFC 7519) method for representing claims securely between two parties.
77 questions
3 votes | 4 answers | 385 views
Does possession of a valid JWT automatically imply the user is authenticated?
I am tasked with implementing authentication and authorization in a distributed environment, so I plan to use JWT.
I get how authorization works with JWT - if the token is not expired, and the ...
1 vote | 1 answer | 102 views
What type of authentication/identification is needed?
The specs:
Mobile apps
LLM wrapper (of e.g. OpenAI API)
The chat history will be stored on the client
Backend is needed to manage the api key and to track token consumption / payment (how many tokens ...
1 vote | 1 answer | 290 views
Local storage or HTTP Only Cookie for RefreshToken?
By saving the RefreshToken in an HTTP-only cookie it cannot be accessed or manipulated by JavaScript, but will be sent with each request with a greater risk of being intercepted.
When saving the ...
0 votes | 0 answers | 102 views
Edge Case For Cookie Based Token Management
I have a React frontend and a Node.js backend that uses authentication via an OIDC service provider. After a user goes through the SSO authentication flow I store the token (containing a refresh token ...
0 votes | 0 answers | 133 views
Multi-tenant (realm based) REST Web API authentication
We're building a multi-tenant setup with a C# Web API and Keycloak for auth and APISIX as application gateway. APISIX handles the authentication and passes an X-Access-Token to our API when ...
1 vote | 0 answers | 76 views
Best design pattern for integrating Google OAuth with existing JWT token-based authentication system
We currently have a backend authentication mechanism in place that utilizes JWT tokens. Users sign in or sign up using email and password, and upon successful authentication, the backend issues JWT ...
1 vote | 1 answer | 148 views
Calling protected API from VueJS/Express via Access Token?
I'm trying to understand how Auth flows work within VueJS/Express Server to a protected API.
I have a situation where I need to call an API that is protected by JWT. To get this JWT, a client ID and ...
1 vote | 0 answers | 108 views
Architecture Design using Queue and JWT Token for session management
I am planning to design a microservice system architecture for a ticketing platform. It will be similar to "TicketMaster". Here is the flow of my architecture:
client web browser
API ...
2 votes | 1 answer | 222 views
web-dev: how to restrict access to costly backend API to authenticated clients only
I've created a small prototype browser plugin and am now thinking about making it accessible to the public. This brings up an important question about gatekeeping API access and the right way to ...
0 votes | 0 answers | 223 views
JWT Cookie and API Gateway
Background
I have an authentication microservice that handles the user authentication and returns 2 JWT cookies (access_token and refresh_token).
I want to incorporate an API gateway that does the JWS ...
0 votes | 0 answers | 68 views
API authentication for iOS applications
I am currently working on my own iOS application and am going to be using a locally developed API for fetching data. I wanted to outline my current account sign-in architecture and verify this is ...
0 votes | 0 answers | 145 views
How to handle Authorized & Non-Authorized Routes in Microservices with Tokens
Context
Suppose there is an e-commerce microservice architecture with the format:
In summary, a client will contact the Auth Service / Identity Service to receive a token. It passes the token to the ...
0 votes | 1 answer | 398 views
Bad Request or Unauthorized with missing data in POST / PUT
We have a simple POST / PUT that requires that some of the body data matches an organization id that is contained in the JWT.
If the data doesn't match, that is clearly a 401 but wondering about an ...
0 votes | 1 answer | 865 views
Understanding the JWT and refresh token approach
I've read a few articles which cover the setup for refresh tokens and JWT tokens.
Is there a best practice in how/when to get the next JWT token?
In my head, there are a few different approaches. I ...
1 vote | 3 answers | 868 views
What are the advantages of refresh token?
A good auth system contains access and refresh tokens. I know what access-tokens are for and I know what refresh tokens DO - but I don't understand their meaning.
For example:
If I authenticate myself ...