New answers tagged

1 vote

Does possession of a valid JWT automatically imply the user is authenticated?

TL;DR JWT may be a part of a properly designed authentication protocol. Alternatively it may serve only for authorization without authentication. Ticket analogy If you buy a movie ticket, it may ...
Basilevs
  • 4,484
6 votes
Accepted

Does possession of a valid JWT automatically imply the user is authenticated?

JWT is just a signed blob of data under the hood (we are not going to talk about JWTs without signature in this answer). How, when and why it was created cannot be known for sure. The only thing that ...
freakish
  • 3,065
-1 votes

Does possession of a valid JWT automatically imply the user is authenticated?

The first thing to understand is that you would typically only accept JWTs signed by an entity that you trust. You can't just accept any JWT signed by some unknown entity. Anyone can create their ...
JimmyJames
  • 30.9k
-2 votes

Does possession of a valid JWT automatically imply the user is authenticated?

But does the fact that a valid, non-expired JWT is included in the request necessarily mean that the user passed the authentication process, if we assume client-server communication is done over TLS? ...
user479223

Top 50 recent answers are included