Skip to main content

Timeline for Static secret as byte[], Key or String?

Current License: CC BY-SA 4.0

11 events
when toggle format what by license comment
Oct 7, 2021 at 7:34 history edited CommunityBot
replaced https://tools.ietf.org/html/rfc with https://www.rfc-editor.org/rfc/rfc
Mar 26, 2020 at 21:24 comment added Eamorr This is a good answer. However, be aware that in a load balanced microservices environment, the secret should be read in from env var.
Mar 26, 2019 at 17:04 history edited Les Hazlewood CC BY-SA 4.0
continued edits for clarity
Mar 26, 2019 at 16:58 history edited Les Hazlewood CC BY-SA 4.0
added 2 characters in body
Mar 26, 2019 at 16:51 history edited Les Hazlewood CC BY-SA 4.0
Updated to reflect more recent JJWT API and documentation and recommended practices.
Mar 26, 2019 at 15:17 comment added Deepak Is there any dotnet library which would provide the same functionality like: Jwts.builder() //... .signWith(SignatureAlgorithm.HS512, base64Encoded) .compact();??
Jan 15, 2017 at 14:44 comment added user5778069 @Les - Could you guide on stackoverflow.com/questions/41661821/…
Oct 27, 2016 at 17:58 comment added Les Hazlewood @Paulo that's a nice point and should be documented in the project. Would you mind opening a GitHub issue to add that? It'd be appreciated!
Oct 27, 2016 at 2:59 vote accept Paulo
Oct 27, 2016 at 2:53 comment added Paulo This answer is so usefull to understand how we should create the secret and how we should handle it over JJWT. I didn't know that requirement about the length of the secret. Thanks again for that. But I think this answer is not complete. You could add something like that: using Key is more safe, since SecretKey implementation ensures destroy sensitive key information from the memory when this object is eligible for garbage collection.
Oct 27, 2016 at 0:43 history answered Les Hazlewood CC BY-SA 3.0