arun gupta

Reputation: 21

Is payload tampering possible when making request to resource server with JWT?

As we know, the JWT is signed with a secret key, so the token itself cannot be tampered with, but the payload we send to the resource server with the JWT can be plain text/JSON/XML/query string, so how can we protect the payload from tampering?

Upvotes: 2

Views: 2457

Answers (4)

Gopinath

Reputation: 4937

JWT by itself is not tamper-proof. To make it secure, it must be transformed with these 2 steps:

  1. Sign with Sender's private key
  2. Encrypt with Receiver's public key

Signing with the sender's private key ensures that any unauthorized modification of the token can be detected.

Encrypting with Receiver's public key will ensure that the token achieves secrecy and only the intended receiver can see the token content.

JWT signed by Sender is called JWS. Encrypted JWS is called JWE.

More information: https://dzone.com/articles/securing-spring-boot-microservices-with-json-web-t

Upvotes: 0

Spomky-Labs

Reputation: 16705

Unfortunately, there is no standard way to ensure that the request body has not been tampered with during transport using HTTP headers.

AFAIK, among all the authentication schemes listed by IANA, none of them has such a feature.

However, if your project is limited to a small number of clients, or if you provide detailed documentation, you can implement your own request signature mechanism.

I recommend you read more about the following initiatives. These could help you with that implementation:

Upvotes: 0
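To make the "implement your own request signature mechanism" idea concrete, here is an added example of what such a scheme looks like on both sides of the request. It is not code from the answer above or from any of the initiatives it refers to. It assumes a per-client shared secret provisioned out of band, a hypothetical header name `X-Request-Signature`, and a canonical string made of method, path, a timestamp and the SHA-256 of the exact body bytes; the resource server recomputes the HMAC over what it actually received, so a body altered in transit no longer matches, and a timestamp window limits replay of a captured signature. Everything uses only the Python standard library.

```python
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed per-client secret for this example only; in practice it is
# provisioned out of band and looked up server-side by client id.
CLIENT_SECRET = b"example-client-secret-do-not-reuse"
HEADER_NAME = "X-Request-Signature"   # hypothetical header name, not a standard
MAX_SKEW_SECONDS = 300                # reject signatures older than 5 minutes


def canonical_string(method: str, path: str, timestamp: int, body: bytes) -> bytes:
    """What the signature covers: method, path, timestamp and the hash of the
    exact body bytes. Hashing the body keeps the signed string short and
    binds every byte of the payload."""
    body_hash = hashlib.sha256(body).hexdigest()
    return f"{method.upper()}\n{path}\n{timestamp}\n{body_hash}".encode()


def sign_request(secret: bytes, method: str, path: str, body: bytes, timestamp: int) -> str:
    """Client side: value for the signature header, 't=<ts>,sig=<hex hmac>'."""
    mac = hmac.new(secret, canonical_string(method, path, timestamp, body), hashlib.sha256)
    return f"t={timestamp},sig={mac.hexdigest()}"


def parse_signature_header(value: str) -> Tuple[int, str]:
    parts = dict(item.split("=", 1) for item in value.split(","))
    return int(parts["t"]), parts["sig"]


def verify_request(secret: bytes, method: str, path: str, body: bytes,
                   header_value: str, now: Optional[int] = None) -> bool:
    """Resource-server side: recompute the MAC over the request as received and
    compare in constant time. A tampered body, path or method, a forged
    signature or a stale timestamp all fail."""
    now = int(time.time()) if now is None else now
    try:
        timestamp, presented = parse_signature_header(header_value)
    except (KeyError, ValueError):
        return False
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False
    expected = hmac.new(secret, canonical_string(method, path, timestamp, body),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, presented)


def demo() -> Tuple[bool, bool, bool]:
    """Returns (genuine request ok, tampered body rejected, stale replay rejected)."""
    ts = 1_700_000_000
    body = json.dumps({"amount": 10, "to": "acct-123"}).encode()      # constructed request body
    header = sign_request(CLIENT_SECRET, "POST", "/transfer", body, ts)

    ok = verify_request(CLIENT_SECRET, "POST", "/transfer", body, header, now=ts + 5)
    # Body altered in transit while the original header is kept unchanged.
    tampered = json.dumps({"amount": 1000, "to": "acct-123"}).encode()
    bad = verify_request(CLIENT_SECRET, "POST", "/transfer", tampered, header, now=ts + 5)
    # Same genuine request presented an hour later: outside the replay window.
    stale = verify_request(CLIENT_SECRET, "POST", "/transfer", body, header, now=ts + 3600)
    return ok, bad, stale


if __name__ == "__main__":
    print(demo())
```

The JWT still carries the identity claims; this signature only binds the body (and method and path) to a specific request. If the scheme is meant to be non-repudiable, the same canonical string can be signed with the client's private key instead of a shared HMAC secret.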

Cray

Reputation: 2850

tl;dr To keep your payload (and token in general) safe all you need to do is use a strong secret and signing algorithm and verify the signature before trusting the contents.


JWT is signed with secret key, but the payload can be plain text/json/xml/query

You seem to be confused about what a JWT is. There is no separate JWT and payload; one is part of the other. A JWT consists of Header, Payload and Signature. The signature is created over both the header and payload parts, and additionally your secret key. This means that if either piece is tampered with, the signature cannot be verified.

From JWT introduction:

Do note that for signed tokens this information [header and payload], though protected against tampering, is readable by anyone. Do not put secret information in the payload or header elements of a JWT unless it is encrypted.

To see this for yourself you can use the JWT debugger. When you change the decoded header or payload, their base64 values change and therefore the signature changes with them. If you were to copy-paste the old signature value into the new JWT, it will show an invalid signature error.

Upvotes: 0

cassiomolin

Reputation: 130957

The signature is exactly what prevents the payload from being tampered with. The payload cannot be modified without invalidating the signature.

Let me also clarify that JSON Web Token (JWT) is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. JWT is a generic name for the following types of token:

  • JSON Web Signature (JWS): The payload is encoded and signed so the integrity of the claims can be verified.
  • JSON Web Encryption (JWE): The payload is encrypted so the claims are hidden from other parties.

If you intend to prevent the payload from being tampered with, then use JWS. If you want to hide the payload from other parties, then use JWE.

Upvotes: 1
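The two answers above (the JWT-debugger experiment of copying an old signature onto an edited payload, and the point that the signature is what protects the payload) can be reproduced in code. The following is an added example written for this page, not code from either answerer or from any JWT library: a minimal HS256 JWS signer and verifier built from the Python standard library. The secret and claims are constructed for the demonstration. The verifier pins `alg` to HS256 and compares the MAC in constant time; `tamper_demo` shows that the genuine token verifies while the same token with a re-encoded payload and the original signature does not.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as used in JWS compact serialization."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jws_hs256_sign(payload: dict, secret: bytes) -> str:
    """Build header.payload.signature; the MAC covers the encoded header AND
    the encoded payload, so changing either one invalidates the signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def jws_hs256_verify(token: str, secret: bytes) -> Optional[dict]:
    """Return the payload only if the signature over header.payload is valid.
    The algorithm is pinned to HS256 so a header claiming 'none' or another
    algorithm is rejected instead of being trusted from the token itself."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        presented = b64url_decode(sig_b64)
        payload = json.loads(b64url_decode(payload_b64))
    except ValueError:   # wrong part count, bad base64 (binascii.Error) or bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):
        return None
    return payload


def tamper_demo(secret: bytes) -> Tuple[Optional[dict], Optional[dict]]:
    """(payload of the genuine token, result for the token with an edited payload
    but the original signature pasted back in, as in the JWT debugger)."""
    token = jws_hs256_sign({"sub": "alice", "role": "user"}, secret)
    header_b64, _, sig_b64 = token.split(".")
    forged_payload = b64url_encode(
        json.dumps({"sub": "alice", "role": "admin"}, separators=(",", ":")).encode())
    forged = f"{header_b64}.{forged_payload}.{sig_b64}"
    return jws_hs256_verify(token, secret), jws_hs256_verify(forged, secret)


if __name__ == "__main__":
    print(tamper_demo(b"constructed-example-secret"))
```

Note that the payload is only base64url-encoded, not encrypted: anyone holding the token can read the claims, which is the JWE case in the answer above. A real resource server would additionally check `exp` and the expected issuer and audience after the signature passes.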
