JWT Authentication Setup
Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.
When to use this recipe
Complete JWT authentication setup for web APIs. Combines token generation with 2FA for enhanced security, following OWASP best practices.
Steps
Secret Generator
Try this tool → Create a secure signing key
JWT Generator
Try this tool → Create a signed JWT token
JWT Decoder
Try this tool → Verify the token structure
TOTP Generator
Try this tool → Set up two-factor authentication
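The four steps above as one runnable sketch, added here as an illustration and not code from the tools this recipe links to. It assumes HS256, a 15-minute access-token lifetime and the Python standard library only; the function names and the sample subject are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, struct, time

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(claims, key, ttl=900, now=None):
    """Sign claims as an HS256 JWT that expires ttl seconds after now."""
    now = int(time.time()) if now is None else now
    parts = [{"alg": "HS256", "typ": "JWT"}, {**claims, "iat": now, "exp": now + ttl}]
    signing_input = ".".join(b64u(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64u(sig)

def verify_jwt(token, key, now=None):
    """Return the claims, or raise ValueError on a structure, signature or expiry failure."""
    now = int(time.time()) if now is None else now
    h, p, s = token.split(".")  # ValueError unless there are exactly three segments
    header = json.loads(b64u_dec(h))
    # Pin the algorithm on the verifier side; never let the token's header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_dec(s)):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(b64u_dec(p))
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("token expired")
    return claims

def totp(secret, now=None, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) over the raw secret bytes."""
    counter = int((time.time() if now is None else now) // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # 256-bit random signing key
    token = sign_jwt({"sub": "user-123"}, key)  # "user-123" is a constructed sample subject
    print(verify_jwt(token, key)["sub"], totp(secrets.token_bytes(20)))
```

The verifier checks the signature before it reads any claim, so a decoded but unverified payload never influences the result.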
Frequently asked questions
Should I use HS256 or RS256 for JWT?
Use HS256 for simple setups where the same server signs and verifies. Use RS256 for microservices where different services verify tokens with a public key.
How long should JWT tokens last?
Access tokens: 15 minutes to 1 hour. Refresh tokens: 7-30 days. Shorter lifetimes reduce the impact of token theft.