DEV Community

loading...

Discussion on: How to securely store JWT tokens.

Collapse
learnitmyway profile image
David

"This is achieved by verifying the received token with the exact same key that was used to sign it in the first place" - If I understand this correctly, this would be a symmetric key. It also possible to have an asymmetric key that uses a public and private key. See also stackoverflow.com/questions/329009...

Collapse
gkoniaris profile image
George Koniaris Author

Yes, that's correct. I think it's useful when the client wants to verify that the token was issued by a specific authority. Have you ever used it like this?