If you can decode JWT, how are they secure?

遥遥无期 2020-11-22 10:49

If I get a JWT and I can decode the payload, how is that secure? Couldn't I just grab the token out of the header, decode and change the user information in the payload, an

7 answers
  •  余生分开走
    2020-11-22 11:26

    I would suggest taking a look at JWE, using special algorithms which are not present in jwt.io to decrypt.

    Reference link: https://www.npmjs.com/package/node-webtokens

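    const jwt = require('node-webtokens');

    // payload (claims object) and pwd (password) are supplied by the caller.
    // Encrypt the payload as a JWE: PBES2 password-based key wrapping, A256GCM content encryption.
    jwt.generate('PBES2-HS512+A256KW', 'A256GCM', payload, pwd, (error, token) => {
      // Parse the token and verify (decrypt) it with the same password.
      jwt.parse(token).verify(pwd, (error, parsedToken) => {
        // other statements
      });
    });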
    

    This answer may be too late or you might have already found out the way, but still, I felt it would be helpful for you and others as well.

    A simple example which I have created: https://github.com/hansiemithun/jwe-example
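
Added example (not part of the question or of the answer above, and not code from node-webtokens): a minimal HS256 token built with Node's `crypto` module. It shows that the payload can be read and edited without the key, but that an edited payload fails signature verification. All function names, the secret and the claims are constructed for illustration.

```javascript
// Added example: HS256 JWT built with Node's crypto module only.
// The secret and the claims are constructed sample values.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (signingInput, secret) =>
  createHmac('sha256', secret).update(signingInput).digest();

// Issue a token: base64url(header).base64url(payload).base64url(HMAC)
function issue(claims, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify(claims));
  const signingInput = `${header}.${payload}`;
  return `${signingInput}.${b64url(sign(signingInput, secret))}`;
}

// Decoding needs no key: the payload is only encoded, not encrypted.
function decodePayload(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8'));
}

// Recompute the MAC over header.payload and compare in constant time.
// Returns the claims, or null if the token is malformed or the MAC differs.
function verify(token, secret) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, payload, signature] = parts;
  let alg;
  try { alg = JSON.parse(Buffer.from(header, 'base64url').toString('utf8')).alg; } catch { return null; }
  if (alg !== 'HS256') return null; // pin the algorithm on the server side
  const expected = sign(`${header}.${payload}`, secret);
  const given = Buffer.from(signature, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  return decodePayload(token);
}

// The edit described in the question: change a claim, keep the old signature.
function withEditedPayload(token, changes) {
  const [header, , signature] = token.split('.');
  const edited = b64url(JSON.stringify({ ...decodePayload(token), ...changes }));
  return `${header}.${edited}.${signature}`;
}

const SECRET = 'constructed-sample-secret';
const token = issue({ sub: 'alice', role: 'user' }, SECRET);
const edited = withEditedPayload(token, { role: 'admin' });
console.log(decodePayload(edited)); // readable without the key
console.log(verify(token, SECRET), verify(edited, SECRET)); // claims, then null
```

The signature gives integrity, not confidentiality; keeping the claims unreadable is what the JWE approach in the answer above is for.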
