JWT Payload component and security


#1

Hi,

I am trying to make the app more secure from MTM attacks. What is the best way to construct a JWT payload so that it works and also does not reveal the sensitive user info that anyone can decode?

As of now, I have not been able to construct a payload that works on DF. Please suggest.

Thanks,


#2

I think the easiest way is to use SSL (TLS), or are you looking for even more security than that?


#3

Sorry if I am not using the right terms. What I meant is the tags that would construct the JWT. Example.

{
"alg": "HS256",
"typ": "JWT",
"sub": "1234567890",
"name": "John Doe",
"admin": true
}

What's the key-value pair that I need to use? Obviously I can't simply type my DF username and password, since anyone can decode it. Also, how is the secret key configured in the DF?

Thanks
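
Added example, not part of the original posts and not DF's own code: a standard-library sketch of how an HS256 JWT is put together, showing that the claims are readable without the key while a change to them fails verification. In the JWT format the header (`alg`, `typ`) and the claims (`sub`, `admin`, ...) are two separate JSON objects; the secret, the claim values and the helper names here are constructed for the demo.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())

def sign_hs256(claims: dict, secret: bytes) -> str:
    # Header and claims are two separate JSON objects, each base64url-encoded.
    signing_input = encode_part({"alg": "HS256", "typ": "JWT"}) + "." + encode_part(claims)
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(mac)

def decode_unverified(token: str) -> tuple:
    # No key needed: this is what any party holding the token can read.
    header, claims, _ = token.split(".")
    return json.loads(b64url_decode(header)), json.loads(b64url_decode(claims))

def verify_hs256(token: str, secret: bytes) -> dict:
    # Malformed input (wrong part count, bad base64 or JSON) raises ValueError too.
    header_b64, claims_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    sig = b64url_decode(sig_b64)
    # Pin the algorithm; never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(claims_b64))

def with_claims(token: str, **changes) -> str:
    # Rewrites the claims but keeps the old signature, as an edit in transit would.
    header, claims_b64, sig = token.split(".")
    claims = {**json.loads(b64url_decode(claims_b64)), **changes}
    return ".".join([header, encode_part(claims), sig])

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed; real keys are long and random
    token = sign_hs256({"sub": "1234567890", "admin": False}, secret)
    print(decode_unverified(token))
    try:
        verify_hs256(with_claims(token, admin=True), secret)
    except ValueError as err:
        print("rejected:", err)
```

The signature gives integrity, not confidentiality, so claims are best limited to an opaque identifier and what the server needs to authorize the request.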