nodebb-plugin-session-sharing icon indicating copy to clipboard operation
nodebb-plugin-session-sharing copied to clipboard
verified publisher icon julianlam

Support RSA and HMAC Signing

Open joshughes opened this issue 9 years ago • 1 comments

http://blog.jedd-ahyoung.com/2015/07/25/using-asymmetric-jwt-on-the-server-and-the-client/

HMAC signing requires a shared key. This presents security issues. Asymmetric encryption means that only the server issuing the JWT payload is able to sign, but using the public key clients can verify the signature.

  1. Allow users to pick the Signing Method (HMAC or RSA)
  2. Since JWT has the data about what signing method was used... This plugin should be able to use that data to select the right key to verify the signature.

@julianlam

joshughes avatar Apr 28 '17 16:04 joshughes

Any updates on this?

cosmotek avatar Feb 15 '24 18:02 cosmotek