After setting up my first Express server and implementing user authentication with jwt, I'm now searching for a method to encrypt the jwt in order to prevent users from viewing the payload on the website.
I am curious if anyone is aware of an encryption algorithm that can effectively hide the payload without requiring the use of a public/private key pair?
RS256 employs digital signatures to provide Integrity, Authenticity, and Non-repudiation for the generated token. However, it does not guarantee Confidentiality.
If you wish to utilize JWE (JSON Web Encryption) with JWT, it is possible. Since you act as both the issuer and recipient of the token, it is recommended to opt for symmetric encryption. Asymmetric crypto may not be suitable because anyone possessing the public key could encrypt the data, posing a threat to the authenticity of the producer of the JWE.
To achieve Integrity, Authenticity, and Confidentiality, you will need an implementation or library that supports JWE formatted JWTs. For example:
npm install jose@4
For encryption, refer to EncryptJWT
import * as crypto from 'crypto'
import { EncryptJWT } from 'jose'
const secretKey = crypto.randomBytes(32) // insert your own 32-byte secret as a Buffer
const jwt = await new EncryptJWT({ 'urn:example:claim': true })
.setProtectedHeader({ alg: 'dir', enc: 'A256GCM' })
.setIssuedAt()
.setIssuer('urn:example:issuer')
.setAudience('urn:example:audience')
.setExpirationTime('2h')
.encrypt(secretKey)
This process results in a JWE-formatted JWT that cannot have its payload decrypted without knowledge of the secretKey.
eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0..Wz7DdwAPlbq4cYxn.OMfWJTMuyfLcdN4g541KfcDFKaL5y2bBaFIxuC_-mVa7YLE4M7bVfiO9R2umvpD_acGj5l3gvxulcRnHzBMeRpm4qgbJuWVdA1fYUOguDs1h2xtesZ_9iZUEtcu3hEJ1wVM46ad-9dPebe_VaWwe4XVU5GM.7lDflVFg_Qm3N88xX8Dy1A
To decrypt and verify the JWT Claim Set, use jwtDecrypt
import { jwtDecrypt } from 'jose'
const { payload, protectedHeader } = await jwtDecrypt(jwt, secretKey, {
issuer: 'urn:example:issuer',
audience: 'urn:example:audience'
})
Is it possible to dynamically load a page on button click, pass data to the new page using jQuery AJAX, and place the received value in an input field within the loaded page? Basically, the scenario is as follows: A button named "Something" triggers the l ...
I am trying to retrieve the most recent document from a collection using mongoose in conjunction with nodejs/expressjs. In addition, I am implementing server-side pagination which prohibits me from reversing the order of retrieval after fetching. exports. ...
I'm still getting the hang of node and npm, so this question is more theoretical in nature. Recently, I decided to incorporate jQuery into my website by running npm install jquery, which placed a node_modules directory in my webpage's root along ...
I am facing an issue with a simple class that I have created. I can instantiate it and call the init function without any problems, but I am unable to call another method from the onchange attribute. Below is the code for the class: var ScheduleViewer = ...
Our website utilizes ExpressionEngine as the CMS and Magento's cart for e-commerce. I am encountering challenges with cookies and their accessibility in various sections. A cookie is used for storing search selections, allowing users to return to our ...
Encountered an issue that appears to be related to how anchor tags are implemented in Rhino. Despite using env.js, there might be a configuration error causing the problem. The issue arises when writing unit tests for code designed for an angularjs applic ...
After reading the discussion on Does JavaScript guarantee object property order? It seems that Object.entries() should maintain order. However, I encountered an issue with my Angular website where the order of keys in Object.entries() changed upon refres ...
I've recently been putting together an e-commerce application using Angular 14. Currently, I'm tackling a form that must only be submitted once the user accepts the "Terms & Conditions" shown in a modal popup. The FormComponent and ModalCompone ...
I've been working on an Angular 2 application and I'm looking to redirect users from www.example.com to admin.example.com after they successfully log in. What is the best way to accomplish this using Angular 2? Additionally, how can I test this f ...
In the component below, we have a Server Component that fetches and renders data. When router.refresh() is called on click, it reruns the page and refetches the data. However, there is an issue with Nextjs preserving the state. Even though the server compo ...
Despite searching for solutions, I am unable to get the desired outcome. When I check my JavaScript array in the console, it appears like this: [] 0:Object stock:27 createdtime:"2016-04-08T04:00:00+0000" id:"693852404037393999" units:438 ...
Can the location of the node_modules folder be modified? For instance: - dir1 - dir2 - node_modules to: - dir1 - dir2 - node_modules ...
Could you offer some guidance on how to push the content from a text box into JSON when I click outside of the box? Below is the code for my text box: <input type="text" name="treatmentCost" class="form-control" ng-model="addTemplate" /> And here i ...
As a budding node js developer embarking on a personal project, I was pleasantly surprised to discover open source packages on npm that align with my current development goals. These packages introduce cutting-edge concepts that I have yet to explore and ...
Attempting to modify a configuration file in order to run a program, I have a few lines that are currently executing the script. However, I need to add more instances, so I want to include 500 files with the same configuration information in the .json form ...
Seeking assistance with a JavaScript project - I'm attempting to develop a Bubble Buster game reminiscent of pong, but with multiple bubbles. The goal is to have falling bubbles on screen (roughly 100 in total) in various colors dropping from random l ...
I have a function below that is meant to filter only the order_id from the info collection. However, instead of receiving just the _id and order_id, the callback is getting all keys and values from the database. Node version: 9.4 Mongo version: 3.4 var li ...
userData is a function that retrieves user data from an API using getUserByChainAccount. The username required by getUserByChainAccount is dynamically fetched from buyer. I'm trying to access the avatar, but I keep encountering the error message Unha ...
Is it possible to trigger a JavaScript function from the "onclientclick event" of a button that has a ValidationGroup assigned? <asp:Button ID="btnTest" runat="server" Text="Test" OnClick="btnTest_Click" ValidationGroup="Valid ...
After retrieving the dimensions and coordinates from the jQuery plugin imgAreaSelect, I am looking for guidance on how to update the image in my database based on this selection. The database contains a tempImage and Image field, and my goal is to allow ...