How to validate the jwt on server?

ywj79310 · August 17, 2023, 3:53am

From client, I sent a RS256 to the server.

In server, I am using jsonwebtoken to validate it.
However, it requires a secret key:

io.use(function(socket, next){
  if (socket.handshake.query && socket.handshake.query.token){
    jwt.verify(socket.handshake.query.token, 'SECRET_KEY', function(err, decoded) {
      if (err) return next(new Error('Authentication error'));
      socket.decoded = decoded;
      next();
    });
  }
  else {
    next(new Error('Authentication error'));
  }    
})

How to get the secret key?

dan.woda · August 18, 2023, 2:53pm

Hi @ywj79310,

Welcome to the Auth0 Community!

For an RS256 signed token, you will need the token’s Public Key. You can manually add the key to that library, or fetch the JWKS programatically. There are examples of both in the README for that library: GitHub - auth0/node-jsonwebtoken: JsonWebToken implementation for node.js http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html

If you are using Auth0, you can find the key following this resource:

system · September 1, 2023, 2:54pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Where is the Auth0 public key to be used in jwt.io to verify the signature of a RS256 token? Help auth0 , certificate , jwtio , rsa	6	40263	September 15, 2022
How do I verify an Auth0 JWT with Node.js > Jose? Help login-experience , new-universal-login-experience	2	2917	December 15, 2023
Verify RS256-signed JWT tokens Help oauth-2-0 , protocols	2	1527	March 29, 2023
Verify JWT token received from auth0 JWT.io jwt , auth0	4	21774	January 12, 2020
Why does jwt.verify() give "invalid signature"? JWT.io	13	92468	January 22, 2019

How to validate the jwt on server?

Related Topics