
Questions tagged [jwt]

JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.

0 votes
0 answers
52 views

Multi-tenant (realm based) REST Web API authentication

We're building a multi-tenant setup with a C# Web API and KeyCloak for auth and APISIX as application gateway. APISIX handles the authentication and passes an X-Access-Token to our API when ...
RobIII's user avatar
  • 341
0 votes
0 answers
43 views

Best design pattern for integrating Google OAuth with existing JWT token-based authentication system

We currently have a backend authentication mechanism in place that utilizes JWT tokens. Users sign in or sign up using email and password, and upon successful authentication, the backend issues JWT ...
Samiksha Garg's user avatar
1 vote
1 answer
103 views

Calling protected API from VueJS/Express via Access Token?

I'm trying to understand how Auth flows work within VueJS/Express Server to a protected API. I have a situation where I need to call an API that is protected by JWT. To get this JWT, a client ID and ...
Haden693's user avatar
0 votes
0 answers
58 views

Architecture Design using Queue and JWT Token for session management

I am planning to design a microservice system architecture for a ticketing platform. It will be similar to "TicketMaster". Here is the flow of my architecture: client web browser API ...
Isakkiii's user avatar
2 votes
1 answer
151 views

web-dev: how to restrict access to costly backend API to authenticated clients only

I've created a small prototype browser plugin and am now thinking about making it accessible to the public. This brings up an important question about gatekeeping API access and the right way to ...
lhk's user avatar
  • 446
0 votes
0 answers
118 views

JWT Cookie and API Gateway

Background I have an authentication microservice that handles the user authentication and returns 2 JWT cookies (access_token and refresh_token). I want to incorporate an API gateway that does the JWS ...
Neil's user avatar
  • 9
0 votes
0 answers
49 views

API authentication for iOS applications

I am currently working on my own iOS application and am going to be using a locally developed API for fetching data. I wanted to outline my current account sign-in architecture and verify this is ...
Trenton's user avatar
  • 17
0 votes
0 answers
117 views

How to handle Authorized & Non-Authorized Routes in Microservices with Tokens

Context Suppose there is an e-commerce microservice architecture with the format: In summary, a client will contact the Auth Service / Identity Service to receive a token. It passes the token to the ...
Gianluca Fuoco's user avatar
0 votes
1 answer
244 views

Bad Request or Unauthorized with missing data in POST / PUT

We have a simple POST / PUT that requires that some of the body data matches an organization id that is contained in the JWT. If the data doesn't match, that is clearly a 401 but wondering about an ...
andleer's user avatar
  • 169
0 votes
1 answer
579 views

Understanding the JWT and refresh token approach

I've read a few articles which cover the set up for refresh tokens and JWT tokens. Is there a best practice in how/when to get the next JWT token? In my head, there are a few different approaches. I ...
MyDaftQuestions's user avatar
0 votes
3 answers
743 views

What are the advantages of refresh token?

A good auth system contains access and refresh tokens. I know what access-tokens are for and I know what refresh tokens DO - but I don't understand their meaning. For example: If I authenticate myself ...
Bamba675's user avatar
0 votes
2 answers
218 views

JWT token security - public key forgery prevention

Question on securing JWT token integrity, given the following scenario: Client sends a JWT to server signed with Client's private key Server caches public key, but uses http (and not https) to ...
arny's user avatar
  • 1
1 vote
1 answer
267 views

Mobile authentication approaches, JWTs and refresh tokens

Context I'm developing together with my dev team a mobile app in a client-server architecture, since there will be a webclient too, allowing some users (admins) to perform certain operations from the ...
Leonardo Viada's user avatar
1 vote
2 answers
1k views

JWT logout: Sharing blacklisted invalid token among services

I am working on a microservices project involving 4 services - Auth Service, Service-A, Service-B and Service-C. All the services are implemented using Spring Boot. The Auth Service is responsible for ...
user14132461's user avatar
0 votes
1 answer
3k views

Blacklist JWT tokens or whitelist JWT tokens

I am working on a Spring Boot web application. The REST APIs are secured by JWT tokens. Currently I have only access token generated (not implemented refresh token concept). My question is related to ...
user14132461's user avatar
