How to validate the jwt on server?

ywj79310 · August 17, 2023, 3:53am

From client, I sent a RS256 to the server.

In server, I am using jsonwebtoken to validate it.
However, it requires a secret key:

io.use(function(socket, next){
  if (socket.handshake.query && socket.handshake.query.token){
    jwt.verify(socket.handshake.query.token, 'SECRET_KEY', function(err, decoded) {
      if (err) return next(new Error('Authentication error'));
      socket.decoded = decoded;
      next();
    });
  }
  else {
    next(new Error('Authentication error'));
  }    
})

How to get the secret key?

dan.woda · August 18, 2023, 2:53pm

Hi @ywj79310,

Welcome to the Auth0 Community!

For an RS256 signed token, you will need the token’s Public Key. You can manually add the key to that library, or fetch the JWKS programatically. There are examples of both in the README for that library: GitHub - auth0/node-jsonwebtoken: JsonWebToken implementation for node.js http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html

If you are using Auth0, you can find the key following this resource:

system · September 1, 2023, 2:54pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Where is the Auth0 public key to be used in jwt.io to verify the signature of a RS256 token? Help auth0 , certificate , jwtio , rsa	6	40385	September 15, 2022
Jwt verification error Help jwt , auth0	3	7368	September 4, 2019
How do I verify an Auth0 JWT with Node.js > Jose? Help login-experience , new-universal-login-experience	2	2990	December 15, 2023
Verify RS256-signed JWT tokens Help oauth-2-0 , protocols	2	1541	March 29, 2023
Which sectet do I need to verify the jwt in NodeJS? Help login-experience , new-universal-login-experience	2	1426	February 4, 2023

How to validate the jwt on server?

Related Topics