What is sharedSecret in JWT


In Silhouette, a JWT authenticator could be created using the following class

JWTAuthenticatorSettings(fieldName: String = "X-Auth-Token", requestParts: Option[Seq[api.util.RequestPart.Value]] = Some(Seq(RequestPart.Headers)), issuerClaim: String = "play-silhouette", authenticatorIdleTimeout: Option[FiniteDuration] = None, authenticatorExpiry: FiniteDuration = 12 hours, sharedSecret: String)

What is the use of sharedSecret? Is it what the application would use when signing the JWT header/claims payload?

HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  sharedSecret)

1 answer

Best answer

Looking at the formula, it looks like sharedSecret should be just secret. This is important since it should not be shared with clients. Usually, there is only one secret parameter (or several) that is used for all clients. Maybe in this sense, it is shared.
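The formula quoted in the question, carried through end to end as an added example (not Silhouette's own code, and Python rather than Scala, since the point is the HMAC construction itself): the secret is the HMAC-SHA256 key over the two base64url-encoded parts, the server keeps it private, and the same key is needed to verify. The issuer and expiry parameters mirror the issuerClaim and authenticatorExpiry settings from the class signature; the claim names and the sample secret are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed defaults that mirror the settings in the question.
DEFAULT_ISSUER = "play-silhouette"
DEFAULT_EXPIRY_SECONDS = 12 * 3600


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url; restores the padding the encoder stripped."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, secret: str, issuer: str = DEFAULT_ISSUER,
             expiry_seconds: int = DEFAULT_EXPIRY_SECONDS,
             now: Optional[int] = None) -> str:
    """HS256 token: HMACSHA256(b64url(header) + "." + b64url(payload), secret)."""
    issued_at = int(now if now is not None else time.time())
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iss=issuer, iat=issued_at, exp=issued_at + expiry_seconds)
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url(json.dumps(payload, separators=(",", ":")).encode()))
    signature = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(signature)


def verify_jwt(token: str, secret: str, issuer: str = DEFAULT_ISSUER,
               now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the token is valid, otherwise None.

    Valid means: three parts, alg pinned to HS256 (so an "alg":"none" header
    is rejected rather than trusted), signature recomputed with the server's
    secret and compared in constant time, issuer matches, not expired.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
        given_sig = b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return None
    if header.get("alg") != "HS256":
        return None
    expected_sig = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, given_sig):
        return None
    if payload.get("iss") != issuer:
        return None
    current = int(now if now is not None else time.time())
    if "exp" not in payload or current >= payload["exp"]:
        return None
    return payload


if __name__ == "__main__":
    # Constructed sample: the secret lives only on the server side.
    secret = "constructed-server-only-secret"
    token = sign_jwt({"sub": "alice"}, secret, now=1_700_000_000)
    print(token)
    print(verify_jwt(token, secret, now=1_700_000_100))
```

Verification recomputes the HMAC from the first two segments and compares it to the third; anyone holding the secret can mint tokens, which is why the answer stresses that it is shared among the server's clients only in the sense of being one key for all of them, never handed out.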