18,527 questions
-1
votes
1
answer
35
views
Failed to fetch when GETting json file from backend using Jwt Token
I am using a spring boot as backend and react frontend to create a website and I am encountering an error when fetching a user profile using browser from the backend. After login I managed to generate ...
-4
votes
0
answers
90
views
Token in HttpOnly Cookie not being sent when using include [closed]
I'm trying to make a simple chat website for a school project. The frontend is vanilla JS and backend is ASP DOTNET 8. It is now that I have a lot of trouble with authorization. Login and register ...
0
votes
1
answer
68
views
401 Unauthorized despite sending login token in Headers
I am trying to do a POST to an API endpoint api/auth/assign-role with this data :
{
"userId": "3d2243fc-8d32-4889-a7e2-624af56a3f91",
"role": "Doctor"
}
...
1
vote
0
answers
55
views
How to enable endpoints with optional authentication using the Litestar framework
I am trying to define endpoints in a Litestar application in which authentication is optional, but am failing to understand how this can be accomplished with the JWTAuth security backend.
With an ...
Best practices
0
votes
0
replies
32
views
How to integrate a new authentication microservice (v2) with a legacy monolithic system (v1)?
We currently have a new microservice that handles authentication, authorization (RBAC), and KYC as part of our v2 architecture.
We also have an older legacy system (v1) which is fully monolithic — ...
-2
votes
0
answers
73
views
JWT authentication: req.user is undefined in protected routes even though token is valid [closed]
I'm implementing JWT Authentication in a full-stack (React + Node.js + Express) application. Login works, token is generated correctly, and the client sends it in the Authorization header.
However, ...
3
votes
1
answer
102
views
Does creating multiple JWT authentication tokens mean multiple server sessions for concurrent requests?
I'm participating in an online Sudoku-solving challenge where you create an account, and the server gives you a JWT token. Every request (getting the board, submitting answers, etc.) must include that ...
0
votes
0
answers
57
views
401 Unauthorized error when submitting multipart/form-data without multipartfile
I'm a beginner working on a team project and currently creating a "board" page in React + Spring Boot.
I'm really confused because I keep getting a 401 Unauthorized error when submitting a ...
0
votes
0
answers
26
views
Unable to connect signalr hub with jwt authentication
List item
[2025-11-19T14:03:33.645Z] Error: Failed to start the transport 'WebSockets': Error: WebSocket failed to connect. The connection could not be found on the server, either the endpoint may not ...
0
votes
2
answers
84
views
I am having an issue with TypeScript and express-jwt
This is TypeScript code that I wrote a couple of years ago:
import { expressjwt } from "express-jwt";
import { Request } from 'express';
class Authentication {
static loginRequired() {
...
0
votes
0
answers
20
views
JWT malformed error in Express verifyJWT middleware even though cookie is set
I'm building an authentication system in Node.js (Express + MongoDB), and I'm getting this error when verifying the access token:
Error: jwt malformed
at ... auth.middleware.js:38:15
Here is my ...
Best practices
1
vote
4
replies
85
views
JWT and CSRF tokens or just JWT token for security?
Good day peeps,
What's the purpose of having both a JWT and CSRF token stored in cookies?
If a malicious actor steals/performs a replay attack, they will be authorized and receive the same data as the ...
0
votes
0
answers
72
views
JWT claims in Blazor web app do not get taken over
The purpose of this app is to have a template app I can use for multiple applications in the future, so I don't have to redo all the authentication (and some database stuff) to focusing on building web ...
1
vote
0
answers
33
views
Power pages portal auth token validation failed with public key
I created a self-signed certificate and added it in power platform admin center using the following commands:
$certificateName = "powerpages.yourdomain.com"
$certPassword = ConvertTo-...
2
votes
1
answer
76
views
Token refresh with dio fails (sometimes)
This is the code of AuthInterceptor which I use for triggering token refreshing. For safety (that the interceptor of main dio instance won't attach accesstoken to refresh token api) I even use a ...
1
vote
2
answers
116
views
Why does my FastAPI websocket connection close immediately after authentication?
I’m building a secure messaging app using FastAPI with JWT authentication and websockets.
My issue is that after the client connects with a valid token, the websocket closes right away with code 1006.
...
0
votes
1
answer
45
views
Rails 7 / GraphQL-Ruby: ActionCable subscription always 403 Forbidden when connecting with JWT
Problem Description
I'm trying to set up GraphQL subscriptions in a Rails 7 backend using ActionCable. The subscription works from the Rails console — I can broadcast events and they are received. ...
0
votes
0
answers
44
views
API with JWT Auth to Get File, with SSIS
I'm trying to make a package to download some data from host who implemented JWT authentication.
Is this possible with stock SSIS components (as of 2025)?
I don't see dedicated API box for this, so ...
0
votes
1
answer
100
views
How to Avoid JWT Collision While Receiving Bearer Token
I am doing a Django project where I am using JWT token for authentication. But the problem is that two different JWT tokens are both valid with the same signature that is provided in the backend with ...
0
votes
0
answers
19
views
React redirection using auth [duplicate]
I have an app where I am using JWT authentication. When I enter the details and click on the register button, the backend API correctly returns the token but in my console the token stays only for some ...
1
vote
1
answer
78
views
JWT Payload Change [closed]
I am using jwt_tool (https://github.com/ticarpi/jwt_tool) and I want to make changes in the payload. But the problem here is that the value I want to change is on the second level, if I may say that. Here is ...
0
votes
1
answer
109
views
Browser keeps showing Windows Authentication popup after obtaining JWT token in ASP.NET app
I have an ASP.NET application (on .NET 4.5.2) where I want to use combined Windows authentication and JWT token auth.
When the app starts, it calls an endpoint like this:
/api/auth/token
This ...
2
votes
0
answers
85
views
NextAuth sends two refresh requests simultaneously on page reload (refresh token rotation)
I'm using NextAuth with a custom backend in my Next.js app.
When I refresh the page, two refresh requests are sent almost simultaneously.
The first request correctly calls /auth/refresh and gets a new ...
0
votes
0
answers
80
views
JWT injection on egress from an Istio Ambient mesh?
I can't remember the last time I had this much difficulty getting a thing working. It may just not be possible. But I'm very new to Istio so I continue to believe I may just be doing it wrong. I've ...
0
votes
0
answers
200
views
How can I dynamically refresh a JWT token in Airflow with Microsoft SSO using RSA?
I’ve configured Microsoft SSO with Apache Airflow using RSA-based authentication. The setup involves uploading the public key to the Azure App Registration, while Airflow holds the private key to ...
1
vote
1
answer
64
views
ASP.NET Core JWT token works on Windows but not on Mac [duplicate]
Today I ran into an issue with my Mac. I have an ASP.NET backend API which uses JWT authorization. It works completely fine on my Windows PC, but when I try to run it on my Macbook Pro M1 / Mac Mini ...
1
vote
2
answers
67
views
Spring OAuth2 Resource Server with Salesforce as IdP: how to handle roles without hitting the database every request?
Context
I have a Spring Boot REST API acting as an OAuth2 Resource Server, configured with Spring Security 6.
Salesforce is my external authorization server (IdP). The access token issued by ...
0
votes
0
answers
49
views
Cannot get client running on React to send HttpOnly Cookie with JWT back to SpringBoot Server
I'm at my wits end here. The browser is not providing the cookie on my fetch() request. I'm running a SpringBoot server on port 8081 and have set up my CORS like so:
@Bean
CorsConfigurationSource ...
0
votes
1
answer
256
views
How to securely store JWT in Kotlin Multiplatform (KMP) app for Android and iOS
I’m building a Kotlin Multiplatform (KMP) app that runs on both Android and iOS.
Currently, I’m storing the JWT token using Preferences DataStore on Android
androidx.datastore.preferences.core
...
0
votes
0
answers
86
views
SpringBoot JWT 403 Forbidden
I'm trying to consume secured rest endpoints in my application. I have the filters and all other stuff configured but when I try to consume any service passing the token always returns 403 FORBIDDEN ...
3
votes
2
answers
106
views
Any way to check a cast to a generic?
I am working on a Spring Boot application and there I use JWE - tokens. When generating these tokens I serialize a given DTO. As an example, the generation of an AccessToken looks like this:
public ...
0
votes
0
answers
35
views
How to securely pass Vault token obtained via JWT auth in GitHub Actions: composite action vs reusable workflow?
I’m trying to implement a Vault token retrieval using the JWT auth method in a GitHub Actions workflow. I’m evaluating two approaches:
Scenario 1 – Composite Action
Advantage: Token can be retrieved ...
0
votes
0
answers
87
views
JWT Sign Overloading error with typescript [duplicate]
Getting the following error when I am trying to sign in with my jwt.
No overload matches this call.
Overload 1 of 5, '(payload: string | object | Buffer<ArrayBufferLike>, secretOrPrivateKey: ...
-1
votes
1
answer
77
views
How to automatically refresh access token when receiving 403 errors in Redux Toolkit async thunks? [duplicate]
I'm building a React application with Redux Toolkit and need to handle token expiration automatically. When my access token expires, the server returns a 403 error, and I want to automatically refresh ...
0
votes
0
answers
91
views
JWT Authentication for websockets in Springboot does not pass Principal for stomp commands other than connect
I am working on JWT Authentication for websockets in springboot. In my JWT filter for WS, I found that Principal is getting null while using other stomp commands such as SEND, SUBSCRIBE. My filter ...
0
votes
0
answers
44
views
Next.js 15 + Clerk: JWT "token-not-active-yet" causing 401 Unauthorized on API calls
I'm developing a Next.js 15 application using Clerk for authentication. When trying to fetch user data from my API, I encounter this error:
JWT cannot be used prior to not before date claim (nbf)
Not ...
1
vote
1
answer
92
views
Setting cross site cookies for same root domain, diff subdomain
I deployed APIs to foo.example.com and the frontend is on bar.example.com.
When I set and send back a JWT in a cookie from the server, it only sets to be used with ui.example.com because ui.example....
0
votes
0
answers
48
views
Need help updating token in next auth. (next.js app router)
I have a Next.js frontend and NestJS backend.
In the backend there is token generation with refresh token rotation logic, and I want to use the same tokens in the frontend with NextAuth setup.
Here’s ...
0
votes
0
answers
47
views
Current standard for implementing a username + password login for a web application
After a few years of working at the back of the backend, I'm back working on a full-stack project. We need a username + password login with MFA which I'll use a TOTP for. There will be no third-party ...
0
votes
1
answer
73
views
Django + SimpleJWT: Access tokens sometimes expire immediately ("credentials not provided") when calling multiple endpoints
I’m building a Vue 3 frontend (deployed on Vercel at example.com) with a Django REST Framework backend (deployed on Railway at api.example.com).
Authentication uses JWT access/refresh tokens stored in ...
0
votes
0
answers
104
views
ASP.NET Core Web API returns 404 on all endpoints despite correct routing and configuration
## Program.cs
```
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.MapGet("/", () => "API is alive");
```
...
0
votes
1
answer
82
views
Problems with JWT Token. ASP.NET
My ASP.NET app has JWT authorization. How can I get UserEntity from a token? I want to make related record.
On one of the sites, I found a stupid solution:
var nameIdentifier = User.Claims
....
0
votes
1
answer
132
views
How to verify JWT tokens from Supabase in ASP .Net Core Web API?
I am trying to use supabase auth in my React with TypeScript and Vite frontend and it works there but when I try to access the API it is not able to verify the token and I do not understand why? Is ...
0
votes
2
answers
192
views
How to secure a refresh token in a JWT system when it's sent as an httpOnly cookie
In my React + Django project, I’m currently sending the refresh token as an HttpOnly cookie. The problem with HttpOnly cookies is that they are automatically sent by the browser, which makes them ...
2
votes
1
answer
84
views
Why I cannot set property userId on this function?
I’m building an authentication system with Express + JWT + Cookie.
I have a middleware userAuth that decodes the token and puts the userId into req.body.
Here is the code:
import jwt from "...
0
votes
1
answer
128
views
wso2 APIM introspect key validation with Keycloak always returns error 900901 invalid credentials
Introspect always returns "900901 invalid credential", please check below error trace and configuration screenshot
APIM admin key manager Configuration
Also please note that it is working ...
2
votes
2
answers
210
views
Jwt Cookie Based Authentication
Perhaps a stupid question, but here it goes. I have implemented a backend with auth/register auth/login, auth/refresh and auth/me with token-based authentication.
Now if I do a post towards the ...
1
vote
1
answer
405
views
Permission denied despite correct RLS, as supabase.auth.getUser() returns null on server
I'm building a Next.js 14 (App Router) application using Clerk for authentication and Supabase for the database. Despite following the latest integration guides, I'm stuck on a persistent 42501 ...
0
votes
1
answer
227
views
How to handle feature and permission-based authorization in Next.js without delaying initial render?
I’m building a multi-tenant SaaS application with Django Ninja as the backend and Next.js as the frontend. I’m running into a problem around handling RBAC permissions and org-level feature ...
0
votes
0
answers
417
views
An error occurred while attempting to decode the Jwt: Timeout while waiting for cache refresh
I have a Spring Boot application that uses JWT Token based authentication. The issuer and IDP of the token is Auth0.
Sometime back I got an error An error occurred while attempting to decode the Jwt: ...