Generating secret for digest authentication

Recently I started working with JWT based authentication. After user login, a user token is generated which will look like

It consist of three parts each separated with a dot(.).First part is header which Base64 encoded. After decoding we will get something like

Second part is claims and Base64 encoded. After decoding we will get something like

Third part is signature and is generated with

Now what is this secret key and how to generate this secret key??

I tried some online generator like "http://kjur.github.io/jsjws/tool_jwt.html" but dint get much help.

3 Answers 3

The algorithm ( HS256 ) used to sign the JWT means that the secret is a symmetric key that is known by both the sender and the receiver. It is negotiated and distributed out of band. Hence, if you’re the intended recipient of the token, the sender should have provided you with the secret out of band.

If you’re the sender, you can use an arbitrary string of bytes as the secret, it can be generated or purposely chosen. You have to make sure that you provide the secret to the intended recipient out of band.

For the record, the 3 elements in the JWT are not base64-encoded but base64url-encoded, which is a variant of base64 encoding that results in a URL-safe value.

Кадый день в логе апача появляется следующее. Как поправить?

Digest: generating secret for digest authentication .
[notice] Digest: done
[notice] SSL FIPS mode disabled
[warn] WARNING: Attempt to change ServerLimit ignored during restart
[notice] Apache/2.2.3 (CentOS) configured — resuming normal operations
[error] [client 212.79.104.35] Directory index forbidden by Options directive: /var/www/html/
[error] [client 184.95.40.147] Directory index forbidden by Options directive: /var/www/html/
[error] [client 23.94.186.234] Invalid method in request x16x03x01
[error] [client 61.240.144.66] Directory index forbidden by Options directive: /var/www/html/
[error] [client 111.226.189.70] Directory index forbidden by Options directive: /var/www/html/

Читайте также:  Большой пинг в играх windows 10

Я работаю через журнал ошибок нашего веб-сервера для проекта с открытым исходным кодом. Я вижу повторяющиеся записи для:

Конфигурационный файл: /etc/httpd/conf/httpd.conf . LogLevel установлен в Предупреждение LogLevel . ErrorLog установлен в "logs/error_log" .

Какова, собственно, ошибка, которую сообщает Apache? Как это исправить?

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *

Adblock detector