token - Decoding HS256 in client side?
I'm using JSON Web Tokens in my app.
When I log in to the site, I want to see which user is logged in, and I have stored a token with the needed data in it, encoded in HS256.
Should I use the token payload to show "hello ..." with the user name inside the payload, or should I decode the token on the server side and retrieve the user data there?
Is there a client-side library to decode HS256 for me to use? Or is it bad practice that should be avoided?
A JWT is self-contained and protected with a digital signature. You can use the information contained in the token, but you should validate the expiration time and ensure the digital signature has not been altered.
To verify the signature on the client side you need the key to be asymmetrical and use the public key to verify. Or you may send the token to the server to save problems. It depends on the operation whether to take the risk, as long as the token is used for authentication on the server and it performs the validation.
Is there a client-side library to decode HS256 for me to use? Or is it bad practice that should be avoided?
In fact, you do not need a library. The payload is base64url encoded, and it can be decoded in any programming language. You need a library to verify the digital signature. Take a look at jwt.io.
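As an added example (not part of the original question or answer), this is one way to read the payload in the browser without a library, for display only. The function names and the sample token are constructed for illustration, and the signature is deliberately not checked, because HS256 verification needs the shared secret, which stays on the server.

```javascript
// Added example: read a JWT payload client-side for display only (no verification).
function base64UrlDecode(segment) {
  // base64url -> base64: restore the standard alphabet and the stripped padding.
  let b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  // Decode as UTF-8 so non-ASCII names survive; fatal rejects invalid bytes.
  return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
}

function readJwtClaims(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  let header, claims;
  try {
    header = JSON.parse(base64UrlDecode(parts[0]));
    claims = JSON.parse(base64UrlDecode(parts[1]));
    if (!header || !claims || typeof claims !== 'object') throw new Error('not an object');
  } catch (err) {
    throw new Error('malformed JWT segment');
  }
  // exp is seconds since the epoch (RFC 7519); a missing exp is reported as null.
  const hasExp = typeof claims.exp === 'number';
  return {
    alg: header.alg,
    claims,
    expired: hasExp ? claims.exp <= nowSeconds : null,
    verified: false, // the signature segment is never checked here
  };
}

// Constructed sample token (hypothetical claims, placeholder signature).
function encodeSegment(obj) {
  const bytes = new TextEncoder().encode(JSON.stringify(obj));
  return btoa(String.fromCharCode(...bytes))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}
const sampleToken = [
  encodeSegment({ alg: 'HS256', typ: 'JWT' }),
  encodeSegment({ sub: '42', name: 'Zoë', exp: 1700000000 }),
  'c2lnbmF0dXJl',
].join('.');

const info = readJwtClaims(sampleToken, 1699999000);
console.log(`Hello ${info.claims.name}`, info.expired ? '(session expired)' : '');
```

Anything the server does on behalf of the user should rely on its own validation of the token, not on values the client decoded this way.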