Reputation: 1178
I've implemented a stateless server in which I'm using JWT to let users access the APIs. My concern here is about security. The same question was asked before but was not well answered: JWT, Stateless Authentication, and Security
Question: using some factors like JWE (to encrypt the token) or using a strong secret to sign the tokens, etc. can make the procedure more secure, but what if ALL THE SECURITY WE IMPLEMENTED JUST DEPENDS ON THE SECRET KEY?
What if the SECRET KEY gets stolen? Then no matter how many security layers we used, the hacker can make a valid token using the secret key and access all APIs. Is there any solution to make it more secure?
Upvotes: 0
Views: 91
Reputation: 121
If the secret key you use to generate your tokens is compromised, just change it. That will invalidate all previously created JWT tokens.
Upvotes: 1
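As an added example (not part of the question or the answer above), this stdlib-only Python sketch of HS256 JWT minting and verification shows the effect the answer describes: once the server's signing secret is rotated, tokens minted under the old, assumed-leaked secret are rejected, and so is anything minted with that secret afterwards. The secrets and claims are constructed for the demo.

```python
import base64, hashlib, hmac, json, time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint(secret: bytes, claims: dict) -> str:
    """Mint an HS256 JWT: base64url(header).base64url(claims).base64url(HMAC)."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [_b64url(json.dumps(x, separators=(",", ":")).encode()) for x in (header, claims)]
    signing_input = ".".join(parts).encode()
    sig = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return ".".join(parts + [_b64url(sig)])

def verify(secret: bytes, token: str, now=None):
    """Return the claims if the token is validly signed with `secret` and unexpired, else None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        signature = _b64url_decode(s)
    except (ValueError, UnicodeDecodeError):
        return None
    # Pin the algorithm: the server, not the token, decides how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        return None
    claims = json.loads(_b64url_decode(p))
    if "exp" in claims and (now if now is not None else time.time()) >= claims["exp"]:
        return None
    return claims

# Constructed secrets for the demo; a real secret is random and kept out of source.
OLD_SECRET = b"constructed-old-secret-assumed-to-be-leaked"
NEW_SECRET = b"constructed-replacement-secret"

def rotation_demo():
    """Show the effect of rotating the signing secret after a suspected leak."""
    exp = int(time.time()) + 3600
    token = mint(OLD_SECRET, {"sub": "alice", "exp": exp})
    accepted_before = verify(OLD_SECRET, token) is not None   # True
    accepted_after = verify(NEW_SECRET, token) is not None    # False: existing tokens invalidated
    forged = mint(OLD_SECRET, {"sub": "admin", "exp": exp})   # anything signed with the leaked key
    forged_accepted = verify(NEW_SECRET, forged) is not None  # False
    return accepted_before, accepted_after, forged_accepted   # (True, False, False)
```

Rotating the secret is the stateless server's only revocation lever, so every legitimate session is also cut off; short `exp` values keep that disruption bounded.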