What should be the “Secret” in JWT?

暗喜 2021-01-31 04:08

I am going to apply JWT into my REST API developed using Java-Jersey. I am using this library for JWT - https://github.com/auth0/java-jwt

I have few questions about the

3 Answers
  •  栀梦 (original poster)
    2021-01-31 04:32

    Use RSA256 i.e. a private/public key-pair (no 'secret' required). That way you can keep the private key secret and safe (it will only be used to sign the token) and you can use the public key to verify that the signature is correct.

    You can give the public key to anyone or any service that needs to verify that the token's signature is correct.
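
The split described in the answer above, as an added example that is not part of the original post: the issuer signs with the private key only, and a verifier holding only the public key accepts that token but rejects one signed with any other key. It uses the java-jwt library from the question; the class name, issuer string, subjects and in-memory demo keys are assumptions made for illustration.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;

public class Rs256Example {              // hypothetical class name
    // Constructed demo keys; a real issuer loads its key from a keystore or secret manager.
    static KeyPair newRsaKeyPair() throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        return gen.generateKeyPair();
    }

    // Issuer side: signing needs only the private key, so the public key is passed as null.
    static String issue(RSAPrivateKey privateKey, String subject) {
        return JWT.create()
                .withIssuer("auth.example.test")   // hypothetical issuer name
                .withSubject(subject)
                .withExpiresAt(new Date(System.currentTimeMillis() + 15 * 60 * 1000L))
                .sign(Algorithm.RSA256(null, privateKey));
    }

    // Verifier side: checking the signature needs only the public key.
    static DecodedJWT verify(RSAPublicKey publicKey, String token) {
        return JWT.require(Algorithm.RSA256(publicKey, null))
                .withIssuer("auth.example.test")
                .build()
                .verify(token);                    // throws JWTVerificationException on failure
    }

    public static void main(String[] args) throws Exception {
        KeyPair issuerKeys = newRsaKeyPair();      // the real issuer
        KeyPair otherKeys = newRsaKeyPair();       // anyone without the issuer's private key
        RSAPublicKey issuerPublic = (RSAPublicKey) issuerKeys.getPublic();

        String good = issue((RSAPrivateKey) issuerKeys.getPrivate(), "user-42");
        System.out.println("verified subject: " + verify(issuerPublic, good).getSubject());

        // Signed with a different private key: the issuer's public key does not validate it.
        String forged = issue((RSAPrivateKey) otherKeys.getPrivate(), "admin");
        try {
            verify(issuerPublic, forged);
        } catch (JWTVerificationException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the verifier is built from `Algorithm.RSA256`, it also rejects tokens whose header names a different algorithm.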
