Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Mapamatician
    @Mapamatician
    hi guys! I am building an iOS app with Laravel 5.3 as a backend using JWT auth. I can log into the app, and recieve the token, but I don't know am I supposed to store the JWT on the iOS client or will Laravel store the token in a session? How does the token persist?
    Mapamatician
    @Mapamatician
    ok, I got the token persisting. I'm not sure how I can use it lol. Do I need to pass it with the url on each request?
    Benjman
    @Benjman
    @Mapamatician Yes, you would typically add it to the header for each request.
    Mapamatician
    @Mapamatician
    I got it eventually thanks
    what I'm struggling with now is logout. How can I invalidate a token?
    Meheret Egzerab
    @mercyg
    Could someone please help me with autentication I am getting this error : UnauthorizedError: jwt expired.
    Swornim Shrestha
    @bravegurkha
    How can I increase the time to expire the token?
    karunaker reddy
    @karunakerreddyv
    I have separate Authentication app built with Jhipster and I want to share JWT token among multiple subdomains (multiple UI apps hosted under x.xyz.com, y.xyz.com, z.xyz.com). How can I share JWT token from authentication app to other apps
    René Goretzka
    @renegoretzka
    hello.. when i safe a jwt for a user being logged in.. how do i get the user props from that user when he is already logged in and want to access some stuff? i want to get the userid or something like that?
    Mapamatician
    @Mapamatician
    Is https://github.com/ojensen5115/jwtcrack still a vulnerability?
    Kristoff
    @kristoff2016
    Nice to join this room
    corewillem
    @corewillem
    Does someone have a simple example login script in PHP that uses JWT ?
    Alexander Gaal
    @alexgaal

    Hello,

    I've got a question. I am using Angular in frontend and Laravel in backend, both are using jwt for tokens and our server uses http2. If I call my application several requests are started at the same time, when I refresh the token on the first request, the following requests are causing errors, because token is already invalid. Any solutions, except turning black list off?

    corewillem
    @corewillem
    Hi, does anyone knows how i can generate v-model names in a v-for loops ?
    image.png
    image.png
    test.png
    test.png
    test.png
    "<div class="form-group" v-for="drank in dranken">
    <label>{{drank.naam}}</label>
    <input type="number" class="form-control" placeholder="Hoeveelheid" v-model="stocktelling.naam">
    </div>"
    the v-model should be generated to be different for every input
    corewillem
    @corewillem
    oops wrong room
    Sisir
    @prionkor
    Does anyone have a axios implementation example code which request jwt refresh ( if necessary ) before ajax call? Will be really helpful!
    Neeraj Dhiman
    @veris-neerajdhiman
    Can someone help me on verifying keycloak access_token (which is JWT) ?
    Lihai Ben-Haim
    @lihaibh
    I have a question about the security of a system authentication by JWT
    what if someone could somehow crack a single jwt token of a user (using MITM for example)
    from now on, basically even if the user changes his password, the cracked JWT is already obtained
    lets say the secret private key is kept in the server and never replaced
    that means that once someone get the JWT token he will get access to the user's resources forever
    in session system, we are using a randomly generated id, so even if someone gets the sessionid, the system can somehow recover from it, deleting the sessions, generating new ones etc..
    Tasos Soukoulis
    @taosx
    Is it possible to roll my own jwt authentication on top of oauth2 ? Ex. Create user account using google/facebook oauth2 and then keep authentication using the jwt created by my server?
    Or it's wasteful?
    Ranie Santos
    @raniesantos

    Is it okay or is it a bad idea to add 'remember me' functionality when using JWT instead of sessions?

    I have a project using JWT and I've gotten it to work so far (expires every hour, can be refreshed up to 2 weeks). But right now I have a useless remember me checkbox on my login page.

    I'm trying to decide whether I should remove it or make it functional.

    I've been looking through the code and it seems refresh_ttl isn't found in any of the token's claims.

    The exp claim only refers to the regular ttl.

    So I can't use the getJWTCustomClaims method in the User model specified in the docs of the package.

    this place is a ghost town
    niluroy
    @niluroy
    Hey guys 
    jwt.verify(token, config.secret, function(err, decoded){})
    Here decoded is returning me id, iat and exp. So, what is iat?
    Ranie Santos
    @raniesantos
    iat means Issued At
    Javier Aviles
    @javieraviles

    Hi! I wanted to leave here a good boilerplate with Koa2 Typescript, jwt-auth, logging orm sql docker.... Very good Readme, hope it helps somebody!

    https://github.com/javieraviles/node-typescript-koa-rest

    Nastaran Heydari
    @noonhe
    Hi! How can I add Authoization : Bearer <token> to my request header in my code (not in postman)?
    Boris Pavlov
    @bpavlov
    I have a question about the refresh token
    Boris Pavlov
    @bpavlov
    I want to use JWT in order to reduce database requests. Unfortunately that way I am not able to temporary "disable" users. Even more if my jwt access token TTL is 5 min after 6 min mark I will have to re-authenticate.
    What is the best way to solve this issue?
    Dilip Kumar
    @dilipjnu_twitter
    hi
    Adeshina Hammed H.
    @D-sense
    @noonhe , you can achieve that by using the header in the curl (if you’re using CURL.
    Naguib Ihab (A.K.A. Nick)
    @naguibIhab_twitter
    Not sure if this fits here but I have an issue with JWKS with Auth0: https://stackoverflow.com/questions/55931805/in-using-jwks-with-auth0-what-is-the-audience-and-issuer-if-im-using-localhost
    Help :(
    flihub
    @flihub
    anyone here?
    BatunaAz
    @BatunaAz
    i installed jwt framework using composer require web-token/jwt-framework. But my server directory have not // use Jose\Component\Core\JWK;
    // use Jose\Easy\Build; these directories. What's wrong guys. Sorry i am beginner. Thanks
    Srikar Rao Gandla
    @srikarrao
    Hello, I'm new to JWT tokens security. Wanted to know who generates the signing key? is it the server or signing key is nothing but user's password? Thank you!
    Mario N Junior
    @manjunior

    Hi guys, hope you all are well.

    I'm having a problem with my Laravel 8 API using the latest version of the Tymon\JWTAuth lib.

    My Laravel Api has some protected routes, but I don't login to it to get the token. For that I log into an external API, get the generated token and send this token to my Laravel api. To validate the token I get from the external API, I set the JWT_SECRET key from the .env with the same key as the external API.

    Does that solve the problem? Is it otherwise? Can anyone tell me where to go?

    Below is my middleware to verify the token of each request when the route is protected.

    `
    public function handle(Request $request, Closure $next)
    {
    try {
    $user = JWTAuth::parseToken()->authenticate();
    } catch(Exception $err) {
    if ($err instanceof \Tymon\JWTAuth\Exceptions\TokenExpiredException) {
    return response()->json(['status' => 'Token is Expired'], 401);
    } else if ($err instanceof \Tymon\JWTAuth\Exceptions\TokenInvalidException) {
    return response()->json(['status' => 'Token is Invalid'], 403);
    } else {
    return response()->json(['status' => 'Authorization Token not found'], 404);
    }
    }

        return $next($request);
}

    `

    Denys Finchenko
    @dfinchenko
    Hi! How can I generate just JWT token with custom data without user credentials in laravel?