Questions tagged [json-web-signature]

JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures.

It consists of:

  • A JOSE Header (the union of the JWS Protected Header and the JWS Unprotected Header), describing the digital signature or MAC used to generate the signature
  • A JWS Payload, which is the content to be transmitted
  • A JWS Signature

The JWS Signature can be used by the recipient of the JWS to verify the integrity of the JWS Protected Header, JWS Payload and JWS Signature.

It is specified in RFC 7515.

32 questions
12 votes, 5 answers

How to solve JsonWebTokenError "invalid signature" after assigning some infos to the generated token?

Have a problem when trying to verify the token (it was working fine before I added some data to it before generating it), but now it does not seem to be working! This is how I generate the token when the user sends a POST request…
Med Nour

8 votes, 1 answer

How To Validate Google Identity Service (GIS) Access Token On Server Side In C# / .NET?

I'm migrating from the old Google Sign In library to the new Google Identity Services (GIS) library. This is mandatory, since the old one will no longer be in use from March 2023. Previously, I did (simplified for clarity):
Jay

7 votes, 2 answers

When would you use an unprotected JWS header?

I don't understand why JWS unprotected headers exist. For some context: a JWS unprotected header contains parameters that are not integrity protected and can only be used per-signature with JSON Serialization. If they could be used as a top-level…
markw

3 votes, 1 answer

Deserializer JSON objects containing JSON Web Signatures in Django. App Store Server Notifications responseBodyV2

I have a Python Django REST application that I need to be able to handle POST requests for App Store Server Notifications. The thing is that v2 of the App Store Server Notifications payload is in JSON Web Signature (JWS) format, signed by the App…
Nikos

3 votes, 1 answer

JWT.io is verifying the token based on empty secret and saying signature is verified

I am totally new to this, so please bear with my question if it's utterly stupid. I am learning how to verify signature using https://jwt.io The following is what I am doing Generated Public/Private Key Pair Private Key -----BEGIN EC PRIVATE…
daydreamer

3 votes, 1 answer

Reliably verify a JWS certificate chain and domain

I'm writing backend code to verify a JWS from Google's SafetyNet API, in Node.JS. I was surprised to not find a readily available module for this, so I started looking at some simple verification of the JWS using available libraries: First of all,…
JHH

3 votes, 1 answer

What is a use case for having multiple signatures in a JWS that uses JWS JSON Serialization?

I read the JSON Web Signature specification that can be found here. The spec defines two serialization representations for JSON Web Signatures. One is the JWS Compact Serialization and the other is JWS JSON Serialization method. The JWS JSON…
Rob L

2 votes, 1 answer

How to decode signature part of JSON Web Token

I am having the following JSON Web…
Puneet Pant

2 votes, 1 answer

TimedJSONWebSignatureSerializer vs URLSafeTimedSerializer: When should I use what?

I found TimedJSONWebSignatureSerializer and URLSafeTimedSerializer. I wonder why those two methods exist. As a user of that library, what are reasons to choose one or the other? What I've tried: I didn't even find TimedJSONWebSignatureSerializer in…
Martin Thoma

1 vote, 1 answer

Verifying the signature of an id_token JWT using verifyWithKey from the Spomky Labs JWT Framework takes over 30 seconds

I would like to verify the signature of id_tokens provided through Open ID Connect (OIDC) by Azure AD. It is taking a long time to process and verify a single token, which will introduce significant delays to the user authentication experience, and…
TomBertie

1 vote, 1 answer

How to Validate HTTP message with JWS Detached

I wanted to know how I can validate HTTP messages with JWS Detached. Currently, I am receiving x-sign-jws request in header which looks like below eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..UXwjHxU3tFlrzPMupG04zROiEcHFQpCg3l7J4Axr1fE I need to verify…
Lavkush Tari

1 vote, 1 answer

Storing RSA256 keys for JWT

I am having issues storing RSA256 private and public tokens for JSON Web Tokens (JWT). I am using jsonwebtoken.io, and I create the token and am able to verify the token with private and public keys that have been stored as text in my database. …
Androme

1 vote, 1 answer

Different digital signature results between PHP and Javascript JWA

I'm trying to generate a signature using RSA 256 but I've got a different result between JavaScript and PHP. My JavaScript code: let private_key_path = Helpers.publicPath('key/API_Portal.pem'); // password .pem file let password = 'mandiri123'; let…

1 vote, 1 answer

Where do I have to put the JOSE header when creating JWS signature?

I have to create a JWS signature and the JOSE header has to look like this: { "alg": "HS256", "kid": "V3vEe66RJm85eD72", "b64": false, "http://openbanking.org.uk/iat": 1501497671, "http://openbanking.org.uk/iss": "C=UK, ST=England,…

1 vote, 1 answer

How to Create a JSON Web Signatures (JWS) in ASP.NET MVC and C#

I am new to the JWS concept, and have been asked to create a snippet for JSON signature in C#. We would be having multiple signatures, so each time a JSON payload is signed, it will be added to the signatures. I checked about JWS JSON Serialization and…
Siddharth