Thursday, 29 March 2018

When to use RS256 for JWT?

So, right now I'm building an API for third parties uses and I was reading about RS256 and HS256. What I understood was that diff between is that in the first one you use a public key to verify and a private key to sign, and the other one, use just one key.. So what I don't understand why you would like to verify the token in the client? Because you do a post request to the server, then it sends you back the token and whenever you want to make an authorized request you just use the token and the server verifies the token. So, why you would like to verify the token in the client? I thought it was a backend's duty.I think maybe I'm wrong in something, hope you help clear this. Thanks.

Submitted March 29, 2018 at 07:19PM by foocux

No comments:

Post a Comment