to be honest. I really like your channel and I am sad that you don't receive more attention. The series is nice and structured. It is step by step, with not too much information in one video, focusing only on what the title of the video is. Some explanation videos then anticipate new concepts that are vaguely explained. But you try your best to focus on what matters right now in a video. Thank you.
@ofeenee 3 years ago
Thank you.
@jgoebel 3 years ago
You're welcome!
@Euquila 3 years ago
You would also HMAC it with some value that changes every time, aka a "nonce".
@jgoebel 3 years ago
If the nonce were unique, then you would indeed get a different MAC for every token. But I currently don't see the security benefit you would get from this.
@Euquila 3 years ago
@jgoebel To avoid requests being maliciously replayed inside the allowed time window. This is especially important for methods that are not safe, like POST. You should enforce uniqueness of your nonces inside a time window that is twice the duration of the allowed time window. For example, if you allow +/- 10 minutes, then the nonce should be unique for up to 40 minutes.