Is it safe to generate a JWT token on server-side and to pass it in a sign-up request within the response JSON back to the client? Currently I’m generating a JWT in the following way: import express from "express"; import jwt from "jsonwebtoken"; const generateToken = (id: any, res: express.Response) => { const token =… Read More Node TS: JWT token sign to verify authentication between client and backend question

I’m currently developing the backend for a Learning Management System (LMS) website and I’m encountering an issue with JWT token authentication After successfully logging into the system using a username and password, I obtain a JWT token without any issues However, when I attempt to authenticate using this JWT token, I consistently receive a "Forbidden"… Read More Spring Jwt issue authentication issue

when i nagivate to another page in my IONIC app the api call (GET) dont work as intended, they need a token for authorization but on the first time i navigate to that page, the storage.get doesnt get the token in time. If then i go back to the homepage and return back again it… Read More JWT in IONIC with Angular

I am using jwt to authenticate in my spring boot app. These are methods in AuthenticationService: public AuthenticationResponse authenticate(AuthenticationRequest request) { authenticationManager.authenticate( new UsernamePasswordAuthenticationToken( request.getEmail(), request.getPassword() ) ); User user = userRepository.findByEmail(request.getEmail()).orElseThrow(UserNotFoundException::new); String jwtToken = jwtService.generateToken(user); String refreshToken = jwtService.generateRefreshToken(user); revokeAllUserTokens(user); saveUserToken(user, jwtToken); return AuthenticationResponse.builder() .accessToken(jwtToken) .refreshToken(refreshToken) .build(); } private void revokeAllUserTokens(User user) { List<Token>… Read More Spring boot Unique index or primary key violation when using jwt to authenticate, when multiple authentication requests in a short time

I want to test my JwtService which is for generating and handling JWT Tokens. I am not even sure, if I have to test it because not all the methods are mine but I still would like to see if the token is generated correct. But if I want to test if the generated token… Read More Can't test generateToken() method for JWT token because of iat and exp date

In my Spring Boot application (let’s say it is blog app) I am using JWT authentication. But if I want to create a new post, should I pass the user ID inside the request body? But is it insecure to do so. Because, I should store user id in localstorage in Front end and put… Read More Spring Boot JWT: how do I get user id, from jwt or request?

I am writing a logic to create a post and i want to add the logged in user as the user making the post, i have saved the refresh token in my browser localstorage, when i copy the refresh token and paste in jwt.io, i get this response { "token_type": "refresh", "exp": 1679234275085, "iat": 1674953425085,… Read More how can i get the user_id from jwt in the localstorage and use it in react?

I am trying to do something like this, I want to check if a user exists , and if yes it should show that the user exists and if not, it should go ahead and register the user. I stumbled into an error. and hence, it does not generate the hashed password and it gives… Read More JWT does not generate hashed passwords

I’m working on a dashboard website in react.js where the users can analyze multiple different charts. To get the data for the charts from my node.js server I need to get the user’s ID token to be able to verify it on the server side (return data only if user is authorized). In the firebase… Read More Best practice to get user's idToken from Firebase – using getIdToken(/* forceRefresh */ true) leads to Firebase: Error (auth/quota-exceeded)

I’m writing an Angular application (version 14.1) where I fetch images from my backend which are protected by a JSON web token. Meaning, each time the user wants to fetch an image from the backend, a valid JWT needs to be attached onto the request, otherwise you get back a http403 forbidden. From a browser… Read More Angular does not display JWT protected pictures but it loads them properly?