Talk:JSON Web Token

Maintenance and rating of JavaScript articles
Concerning editing and maintaining JavaScript-related articles...

Collaboration...
If you are interested in collaborating on JavaScript articles or would like to see where you could help, stop by WikiProject JavaScript and feel free to add your name to the participants list. Both editors and programmers are welcome.

Where to list JavaScript articles
We've found over 300 JavaScript-related articles so far. If you come across any others, please add them to that list.

User scripts
The WikiProject is also taking on the organization of the Wikipedia community's user script support pages. If you are interested in helping to organize information on the user scripts (or are curious about what we are up to), let us know!

If you have need for a user script that does not yet exist, or you have a cool idea for a user script or gadget, you can post it at User scripts/Requests. And if you are a JavaScript programmer, that's a great place to find tasks if you are bored.

How to report JavaScript articles in need of attention
If you come across a JavaScript article desperately in need of editor attention, and it's beyond your ability to handle, you can add it to our list of JavaScript-related articles that need attention.

Rating JavaScript articles
At the top of the talk page of most every JavaScript-related article is a WikiProject JavaScript template where you can record the quality class and importance of the article. Doing so will help the community track the stage of completion and watch the highest priority articles more closely.

Thank you. The Transhumanist 01:10, 12 April 2017 (UTC)

Propose merging criticism and vulnerabilities sections
It looks like there are now two sections for vulnerabilities, which is a bit redundant and confusing. Also, I'm not sure if the statement about HMAC-SHA256 is supported. I've put a citation needed template around it for the time being, but it seems like an WP:EXTREME claim without at least an example (although a statement from a WP:RS is preferable).

Pinging since you created the section

--Elephanthunter (talk) 19:13, 1 August 2018 (UTC)

I hesitated a lot, but there is a real difference between a vulnerability, a real failure ... and "just" Criticisms which are opinions :structured, argumented, alternatives, valuable point of views but still debatable

These criticisms could be embedded in the text, but I fear they would upset some JWT enthousiast. So I am not embarking on this alone.

As for the HMAC-SHA256, I added a link to Wikipedia's MAC definition. All MAC by definition uses a secret key. (vs. signatures that use Public/Private key.)

You would make a "vulnerabilities" or a "Criticism" or a "Vulnerabilities & Criticism" or else ??


 * "Vulnerabilities and criticism" works well. Changed the ampersand to an "and" per MOS:AMP and changed the casing per MOS:HEAD. Um... but you can only generate the a valid HMAC if you are in possession of the secret key. In the case of a JWT being handed to the browser, the browser would not have the secret key, so a HMAC could not be manipulated and regenerated. The words "totally insecure" still don't appear to apply. It is possible I am misunderstanding something though, so please if you have a WP:RS with an explanation of how JWT is totally insecure that would be helpful. It's also possible the explanation just needs reworded. --Elephanthunter (talk) 18:55, 2 August 2018 (UTC)

Propose merging and updating some references
There seems to be a bunch of reference that are to the obsoleted drafts. i.e.,

"draft-ietf-jose-json-web-signature-41 - JSON Web Signature (JWS)". tools.ietf.org. Retrieved May 8, 2015. "draft-ietf-jose-json-web-encryption-40 - JSON Web Encryption (JWE)". tools.ietf.org. Retrieved May 8, 2015. "draft-ietf-jose-json-web-algorithms-40 - JSON Web Algorithms (JWA)". tools.ietf.org. Retrieved May 8, 2015.

They should be replaced by the following, IMHO.

Jones, Michael B.; Bradley, Bradley; Sakimura, Sakimura (May 2015). JSON Web Token (JWT). IETF. doi:10.17487/RFC7519. ISSN 2070-1721. RFC 7519.

which is the first reference entry. Thoughs?

Added link to JOSE standard
I hope that someone will add article about it, it's most likely when there is read link. Reference: jcubic (talk) 17:45, 30 September 2022 (UTC)