JWT Authentication Setup
Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.
When to use this recipe
Complete JWT authentication setup for web APIs. Combines token generation with 2FA for enhanced security, following OWASP best practices.
Steps
Secret Generator
Try this tool → Create a secure signing key
JWT Generator
Try this tool → Create a signed JWT token
JWT Decoder
Try this tool → Verify the token structure
TOTP Generator
Try this tool → Set up two-factor authentication
Frequently asked questions
Should I use HS256 or RS256 for JWT?
Use HS256 for simple setups where the same server signs and verifies. Use RS256 for microservices where different services verify tokens with a public key.
How long should JWT tokens last?
Access tokens: 15 minutes to 1 hour. Refresh tokens: 7-30 days. Shorter lifetimes reduce the impact of token theft.
Related recipes
Secure Password Workflow
Generate a strong password, verify its strength, and hash it for storage — a complete password security pipeline.
Web Security Header Audit
Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.
API Security Hardening
Harden your API with HMAC request signing, secure secrets, and SRI for client-side integrity.
SSL Certificate Verification
Decode and verify SSL certificates, check expiration, and generate secure RSA keys for renewal.