Does JWT work on shared key mechanism or public -private key mechanism ??
Suppose I have a content which i encrypt with JWT on Node.js but i want to decrypt this content on shell script ? Is this possible with JWT… if yes how can we do this
Does JWT work on shared key mechanism or public -private key mechanism ??
Suppose I have a content which i encrypt with JWT on Node.js but i want to decrypt this content on shell script ? Is this possible with JWT… if yes how can we do this
JWT can work with either.
You can use HS256 that makes use of a symmetrical (i.e., shared) key. Auth0 uses the client secret as the key in this case.
RS256 in contrast uses public key encryption (i.e., public/private key pair), and is the ideal choice given the key used to sign the token is kept secret.
This article explains in detail how RS256 signed tokens work and how you can verify them with the JWKS endpoint. It includes examples in Node.js, so it should give you a good idea of how to implement it in your application.
You can check the alg
property of the JWT to determine which algorithm your JWT uses as described here