ToolypetMCP
intermediate4 minutessecurity

JWT Authentication Setup

Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.

jwtauthenticationtotp2fa

何时使用此配方

Complete JWT authentication setup for web APIs. Combines token generation with 2FA for enhanced security, following OWASP best practices.

步骤

1

Secret Generator

试用此工具

Create a secure signing key

提示词:Generate a 256-bit random secret in hex format for JWT signing
2

JWT Generator

试用此工具

Create a signed JWT token

提示词:Generate a JWT with payload {sub: 'user123', role: 'admin'} using HS256 and the secret, expires in 1 hour
3

JWT Decoder

试用此工具

Verify the token structure

提示词:Decode the generated JWT to verify its header and payload
4

TOTP Generator

试用此工具

Set up two-factor authentication

提示词:Generate a TOTP secret for 2FA with issuer 'MyApp'

常见问题

Should I use HS256 or RS256 for JWT?

Use HS256 for simple setups where the same server signs and verifies. Use RS256 for microservices where different services verify tokens with a public key.

How long should JWT tokens last?

Access tokens: 15 minutes to 1 hour. Refresh tokens: 7-30 days. Shorter lifetimes reduce the impact of token theft.

相关配方

Secure Password Workflow

Generate a strong password, verify its strength, and hash it for storage — a complete password security pipeline.

Web Security Header Audit

Audit your website's security headers, generate a CSP policy, evaluate it, and configure CORS.

API Security Hardening

Harden your API with HMAC request signing, secure secrets, and SRI for client-side integrity.

SSL Certificate Verification

Decode and verify SSL certificates, check expiration, and generate secure RSA keys for renewal.

返回所有配方