I implemented JWT authentication in ExpressJs using JsonWebToken package. I generated a JWT token based on a secret key and pasted that token in https://jwt.io/ it is decoded without any secret and show me information. help me out the proper way to generate JWT token based on Application secret key that can't be decoded without Application Secret.
Asked
Active
Viewed 157 times
0
-
If you REALLY need an encrypted token, you should look into JWE, the encrypted form of a JWT. What you have is a JWS, a signed token, which doesn't hide the information inside. – jps Jun 19 '19 at 12:24
-
can you please refer a link for nodeJS? – Usman Hafeez Jun 21 '19 at 11:07
-
on https://jwt.io you find a list of libraries for many languages. For node.js they have https://github.com/panva/jose (if you're looking for JWE support) But I don't have experience with it. – jps Jun 21 '19 at 11:16