gitcommitshow / Auth Jwt
Licence: mit
A demo to learn JWT by reverse engineering
Stars: ✭ 208
Programming Languages
javascript
Projects that are alternatives of or similar to Auth Jwt
Express Graphql Boilerplate
Express GraphQL API with JWT Authentication and support for sqlite, mysql, and postgresql
Stars: ✭ 201 (-3.37%)
Mutual labels: express, authentication, jwt
Express Rest Api Boilerplate
Express REST API with JWT Authentication and support for sqlite, mysql, and postgresql
Stars: ✭ 384 (+84.62%)
Mutual labels: express, authentication, jwt
Express Mongodb Rest Api Boilerplate
A boilerplate for Node.js apps / Rest API / Authentication from scratch - express, mongodb (mongoose).
Stars: ✭ 153 (-26.44%)
Mutual labels: express, authentication, jwt
Express Jwt
An example API for creating/verifying json web tokens
Stars: ✭ 105 (-49.52%)
Mutual labels: express, authentication, jwt
Securing Restful Apis With Jwt
How to secure a Nodejs RESTful CRUD API using JSON web tokens?
Stars: ✭ 301 (+44.71%)
Mutual labels: express, authentication, jwt
Mern Boilerplate
Fullstack boilerplate with React, Redux, Express, Mongoose, Passport Local, JWT, Facebook and Google OAuth out of the box.
Stars: ✭ 112 (-46.15%)
Mutual labels: express, authentication, jwt
Rodauth Rails
Rails integration for Rodauth authentication framework
Stars: ✭ 150 (-27.88%)
Mutual labels: authentication, jwt
Spark Pac4j
Security library for Sparkjava: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 154 (-25.96%)
Mutual labels: authentication, jwt
Api guard
JWT authentication solution for Rails APIs
Stars: ✭ 159 (-23.56%)
Mutual labels: authentication, jwt
Pac4j
Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
Stars: ✭ 2,097 (+908.17%)
Mutual labels: authentication, jwt
Node Express Mongoose Passport Jwt Rest Api Auth
Node, express, mongoose, passport and JWT REST API authentication example
Stars: ✭ 146 (-29.81%)
Mutual labels: express, jwt
Security.identity
.NET DevPack Identity is a set of common implementations to help you implementing Identity, Jwt, claims validation and another facilities
Stars: ✭ 165 (-20.67%)
Mutual labels: authentication, jwt
Mern
🌐 MERN stack 2.0 - MongoDB, Express, React/Redux, Node
Stars: ✭ 175 (-15.87%)
Mutual labels: express, jwt
Jose2go
Golang (GO) implementation of Javascript Object Signing and Encryption specification
Stars: ✭ 150 (-27.88%)
Mutual labels: jwt, signature
Cognito Express
Authenticates API requests on a Node application by verifying the JWT signature of AccessToken or IDToken generated by Amazon Cognito.
Stars: ✭ 165 (-20.67%)
Mutual labels: authentication, jwt
Sanic Jwt
Authentication, JWT, and permission scoping for Sanic
Stars: ✭ 189 (-9.13%)
Mutual labels: authentication, jwt
Nextjs Jwt Authentication
A proof of concept app for demonstrating authentication of Next.js app with JWT.
Stars: ✭ 191 (-8.17%)
Mutual labels: authentication, jwt
Awesome Iam
👤 Identity and Access Management Knowledge for Cloud Platforms
Stars: ✭ 186 (-10.58%)
Mutual labels: authentication, jwt
A demo to learn JWT by reverse engineering
How To Use It
- Head over to the demo hosted on repl.it (or run it on your local machine: clone the repo -> npm install -> npm start)
- Play around with the configurations
- Read the cues on every page, which point to more resources for going deeper into the concepts
Documentation
If you want to extend the code with more functionality, check out the documentation
References
About Tokens
Cryptography
- Asymmetric Cryptography
- Digital Signatures : Verifying authenticity of message
- Forward Secrecy : A way to protect against future compromises of private key
- Encryption vs Signing
- Encryption vs Encoding
- Hashing vs Encoding vs Encryption vs Obfuscation
Invalidating JWT
- Simply remove the token from the client
- Create a token blacklist
- Just keep token expiry times short and rotate them often
- Contingency Plans : allow the user to change an underlying user lookup ID with their login credentials
A common approach for invalidating tokens when a user changes their password is to sign the token with a hash of their password. Thus if the password changes, any previous tokens automatically fail to verify. You can extend this to logout by including a last-logout-time in the user's record and using a combination of the last-logout-time and password hash to sign the token. This requires a DB lookup each time you need to verify the token signature, but presumably you're looking up the user anyway.
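The per-user signing key described above, sketched with Node's built-in `crypto` module. This is an added example, not code from the Auth Jwt repository; the `users` store, the `userKey`, `sign` and `verify` names, and the `passwordHash|lastLogout` key layout are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed user store (assumption): passwordHash stands in for the stored
// password hash string, lastLogout is a Unix timestamp in seconds.
const users = new Map([
  ['alice', { passwordHash: 'hash-of-old-password', lastLogout: 0 }],
]);

const b64url = (v) => Buffer.from(v).toString('base64url');

// Per-user HS256 key: HMAC(server secret, password hash | last-logout-time).
function userKey(serverSecret, user) {
  return crypto.createHmac('sha256', serverSecret)
    .update(`${user.passwordHash}|${user.lastLogout}`).digest();
}

function sign(serverSecret, sub, ttlSeconds, now) {
  const user = users.get(sub);
  if (!user) throw new Error('unknown user');
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ sub, iat: now, exp: now + ttlSeconds }));
  const mac = crypto.createHmac('sha256', userKey(serverSecret, user))
    .update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${mac}`;
}

// Returns the claims, or null if the token is malformed, forged, revoked or expired.
function verify(serverSecret, token, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, mac] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch { return null; }
  if (!header || header.alg !== 'HS256' || !claims) return null; // pin the algorithm
  // sub is read before verification only to select the key (the DB lookup).
  const user = users.get(claims.sub);
  if (!user) return null;
  const expected = crypto.createHmac('sha256', userKey(serverSecret, user))
    .update(`${head}.${body}`).digest();
  const given = Buffer.from(mac, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
  return claims;
}
```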
Security Risks
Implementations(Examples/Demos)
- Demo: DocuSign APIs auth workflow using JWT access token and refresh tokens
- JWT Authentication & Authorization in NodeJs/Express & MongoDB REST APIs(2019)
- JWT+Passport
- JWT+Passport : Code
- JWT+Passport : Guide on DO
- Passport-jwt
- Refreshing token using node-jsonwebtoken
Other Useful Tools