[Security] Verifying an Auth0 token
Time: 2023-09-14 08:59:12
Auth0 returns a JWT token
- JSON that contains information about a user
- No need to send a request to Auth0 to verify JWT
- What prevents anyone from generating one?
The JWT tokens returned by Auth0 are also signed by Auth0.
- We can just verify the signature
OAuth allows one of two algorithms to be used to sign a JWT token:
Symmetric (HS256)
- The same key for signing a token (by Auth0) and verifying a token (by our application)
- We need to store a key securely
- If this key leaks, an attacker can sign fraudulent JWT tokens
Asymmetric (RS256)
- Different keys are used for signing and verifying a token
- We don't need to store the key
- Auth0 is responsible for storing a token
- We only get a certificate to verify a token (not to sign one)
Symmetric Signing:
- Auth0 uses the secret to generate a token
- Returns a signed token to the client
- The client sends the signed token to API Gateway
- API Gateway has to use the same secret to validate the signed token to get Certificate
Asymmetric Signing:
- Auth0 uses a private key, which is used only for signing
- Returns the signed token to the client
- The client sends the signed token to API Gateway
- We have to use a certificate to verify the signed token
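Here is a code snippet that can be used to verify a JWT token with Node.js:

```javascript
import { verify } from 'jsonwebtoken'

const jwtToken = '...' // token sent by the client
const secret = '...'   // key used to check the signature

// verify() throws if the token is invalid.
// If an exception is not thrown, the JWT is valid.
verify(jwtToken, secret)
```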
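The two signing flows described above, side by side, as an added example that is not part of the original page. It uses Node's built-in `crypto` module rather than `jsonwebtoken` so it runs without dependencies; `signJwt`, `verifyJwt`, the secret, the key pair and the claims are all constructed for illustration.

```javascript
// Added example (not from the original page): uses only Node's built-in crypto.
const crypto = require('node:crypto')

const b64url = (s) => Buffer.from(s).toString('base64url')
const fromB64url = (s) => Buffer.from(s, 'base64url')

// Stand-in for Auth0: signs with a shared secret (HS256) or a private key (RS256).
function signJwt(claims, alg, key) {
  const input = b64url(JSON.stringify({ alg, typ: 'JWT' })) + '.' + b64url(JSON.stringify(claims))
  const sig = alg === 'HS256'
    ? crypto.createHmac('sha256', key).update(input).digest()
    : crypto.sign('sha256', Buffer.from(input), key) // RSASSA-PKCS1-v1_5 with SHA-256
  return input + '.' + sig.toString('base64url')
}

// API side: the expected algorithm is pinned by our configuration,
// never taken on trust from the token's own header.
function verifyJwt(token, expectedAlg, key) {
  const parts = token.split('.')
  if (parts.length !== 3) throw new Error('malformed token')
  const [header, payload, signature] = parts
  const { alg } = JSON.parse(fromB64url(header).toString())
  if (alg !== expectedAlg) throw new Error('unexpected alg: ' + alg)
  const input = Buffer.from(header + '.' + payload)
  const sig = fromB64url(signature)
  let ok = false
  if (expectedAlg === 'HS256') {
    const expected = crypto.createHmac('sha256', key).update(input).digest()
    ok = sig.length === expected.length && crypto.timingSafeEqual(sig, expected)
  } else if (expectedAlg === 'RS256') {
    ok = crypto.verify('sha256', input, key, sig)
  } else {
    throw new Error('unsupported alg: ' + expectedAlg)
  }
  if (!ok) throw new Error('invalid signature')
  const claims = JSON.parse(fromB64url(payload).toString())
  // This example requires an unexpired numeric exp claim.
  if (typeof claims.exp !== 'number' || claims.exp <= Date.now() / 1000) throw new Error('token expired')
  return claims
}

// Constructed sample data: a random secret and a throwaway RSA key pair.
const secret = crypto.randomBytes(32)
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 })
const claims = { sub: 'auth0|constructed-user', exp: Math.floor(Date.now() / 1000) + 300 }
const hsToken = signJwt(claims, 'HS256', secret)
const rsToken = signJwt(claims, 'RS256', privateKey)
console.log(verifyJwt(hsToken, 'HS256', secret).sub)    // verifier holds the signing secret
console.log(verifyJwt(rsToken, 'RS256', publicKey).sub) // verifier holds only the public key
```

With RS256 the verifying side never holds anything that can produce a signature, which is why a leak on the API side does not let an attacker mint tokens.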
Create an Application in Auth0
- Create an application