Question

I am using JSON web tokens (JWT) for claims-based authentication. To hinder tampering I am also using JWS to digitally sign the token.

How can I verify the signature on the client-side (I am using the JWT for a SPA)?

And, in case I'd also use JWE, how could I decrypt the token client-side?

PS: Of course I know the answer: Just decrypt and / or verify using the matching algorithm … my question is more of how to accomplish this.

Solution

You could use a JS lib and calculate with its help on the client side: http://kjur.github.io/jsrsasign/

:)

Other tips

Keep in mind if you're using HMAC this won't work because you'd have to share the secret with the client, which is not recommended because browsers can't keep secrets. With asymmetrical encryption, this isn't a problem because the browser can use the public key.
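
An added example, not part of either answer above: client-side verification of an RS256-signed JWT with only the public key, using the browser's built-in Web Crypto API (`crypto.subtle`) rather than the jsrsasign library linked in the accepted answer. The client pins the algorithm instead of trusting the token's `alg` header, so a token relabelled as HS256 is rejected before any signature check. The names `verifyJwt`, `demo` and `ALLOWED_ALG` are assumptions of this example, and the token and key pair are constructed on the spot.

```javascript
const ALLOWED_ALG = 'RS256'; // pinned by the client, never read from the token

// Browsers expose crypto.subtle in secure contexts; the import covers older Node.
const getSubtle = async () =>
  globalThis.crypto?.subtle ?? (await import('node:crypto')).webcrypto.subtle;

const b64urlToBytes = (s) => {
  const b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  const bin = atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4));
  return Uint8Array.from(bin, (c) => c.charCodeAt(0));
};
const bytesToB64url = (bytes) =>
  btoa(String.fromCharCode(...new Uint8Array(bytes)))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const utf8 = (s) => new TextEncoder().encode(s);
const parseJson = (part) => JSON.parse(new TextDecoder().decode(b64urlToBytes(part)));

// Returns the claims only if alg, signature and exp all check out.
async function verifyJwt(token, publicKey, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const [h, p, s] = parts;
  const header = parseJson(h);
  if (header.alg !== ALLOWED_ALG) throw new Error('unexpected alg: ' + header.alg);
  const subtle = await getSubtle();
  const ok = await subtle.verify('RSASSA-PKCS1-v1_5', publicKey, b64urlToBytes(s), utf8(h + '.' + p));
  if (!ok) throw new Error('bad signature');
  const claims = parseJson(p);
  if (typeof claims.exp === 'number' && claims.exp <= nowSec) throw new Error('token expired');
  return claims;
}

// Constructed demo: a throwaway key pair stands in for the server's signing key.
async function demo() {
  const subtle = await getSubtle();
  const alg = { name: 'RSASSA-PKCS1-v1_5', modulusLength: 2048,
    publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' };
  const { publicKey, privateKey } = await subtle.generateKey(alg, true, ['sign', 'verify']);
  const enc = (obj) => bytesToB64url(utf8(JSON.stringify(obj)));
  const payload = enc({ sub: 'alice', exp: 4102444800 });
  const input = enc({ alg: 'RS256', typ: 'JWT' }) + '.' + payload;
  const sig = bytesToB64url(await subtle.sign(alg.name, privateKey, utf8(input)));
  const attempt = (t) => verifyJwt(t, publicKey).then((c) => 'ok:' + c.sub, (e) => e.message);
  return {
    good: await attempt(input + '.' + sig),
    tampered: await attempt(input.split('.')[0] + '.' + enc({ sub: 'admin', exp: 4102444800 }) + '.' + sig),
    hs256: await attempt(enc({ alg: 'HS256', typ: 'JWT' }) + '.' + payload + '.' + sig),
  };
}

demo().then(console.log);
```

In a real SPA the public key would come from the server (for example as a JWK passed to `crypto.subtle.importKey`), and the server must still verify the token on every request, since a client-side check only protects the client's own display logic.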

License: CC-BY-SA with attribution
Not affiliated with StackOverflow