Can someone tell me how to send a JWT authentication token with every REST request sent from ASP.NET Core to the Web API? Is there a need to create a secret key to sign the token signature? Can we just send the token without signing the token?

Vaseem Akram

1 Answer

This is a very broad question.

Short answers:

  1. Tokens are usually sent in cookies. Certain solutions also store tokens in browser localStorage or sessionStorage and then add the token in every request header.

  2. Yes, signing the token is mandatory. Otherwise, the server won't have a way to determine if the token has been tampered with by an attacker or client. Signing is required for security.

But there is much more to it. Refer to the following for details:

  1. https://stackoverflow.com/a/54258744/1235935
  2. https://stackoverflow.com/a/54011649/1235935
  3. https://www.rfc-editor.org/rfc/rfc7519
  4. https://www.rfc-editor.org/rfc/rfc6749
Saptarshi Basu
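
Why the server cannot trust an unsigned token, as an added example that is not part of the original answer: a minimal HS256 sign-and-verify written against the .NET 6+ base class library only. The class name, claims and key are constructed for illustration, and claim checks such as `exp` are left out.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class JwtSigningDemo // hypothetical name; all sample data below is constructed
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static string B64Url(string s) => B64Url(Encoding.UTF8.GetBytes(s));
    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
    // HMAC-SHA256 over "base64url(header).base64url(payload)", as HS256 defines it.
    static byte[] Mac(string signingInput, byte[] key) =>
        HMACSHA256.HashData(key, Encoding.ASCII.GetBytes(signingInput));
    static string Sign(string payloadJson, byte[] key)
    {
        string input = B64Url("{\"alg\":\"HS256\",\"typ\":\"JWT\"}") + "." + B64Url(payloadJson);
        return input + "." + B64Url(Mac(input, key));
    }
    static bool Verify(string token, byte[] key)
    {
        string[] p = token.Split('.');
        if (p.Length != 3) return false;
        try
        {
            using var hdr = JsonDocument.Parse(Encoding.UTF8.GetString(FromB64Url(p[0])));
            // Pin the algorithm on the server; the token must not choose "none" for itself.
            if (!hdr.RootElement.TryGetProperty("alg", out var alg) || alg.GetString() != "HS256") return false;
            // Recompute the MAC and compare in constant time.
            return CryptographicOperations.FixedTimeEquals(Mac(p[0] + "." + p[1], key), FromB64Url(p[2]));
        }
        catch (Exception e) when (e is FormatException or JsonException or InvalidOperationException) { return false; }
    }
    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32); // secret held only by the server
        string token = Sign("{\"sub\":\"alice\",\"role\":\"user\"}", key);
        string[] p = token.Split('.');
        // Same header and signature, but the payload was edited after signing.
        string edited = p[0] + "." + B64Url("{\"sub\":\"alice\",\"role\":\"admin\"}") + "." + p[2];
        // No signature at all, with the header claiming that none is needed.
        string unsigned = B64Url("{\"alg\":\"none\"}") + "." + p[1] + ".";
        Console.WriteLine($"genuine token accepted: {Verify(token, key)}");
        Console.WriteLine($"edited payload accepted: {Verify(edited, key)}");
        Console.WriteLine($"unsigned token accepted: {Verify(unsigned, key)}");
    }
}
```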