0

Is it possible to verify the token on FrontEnd (TypeScript). So I do not want to know if the token has expired (Because someone can change the contents of the token, but the token can still be vague). I want to make sure that the token is valid. Is it possible to that on FrontEnd?

Improve this question

1 Answer 1

Reset to default
3

Check expiration

If you want to check the expiration of a token, then you need to decode its "exp" claim. You can decode a JWT at front end without security issues. Retrieve the "Expires at" claim and do your calculations.

Verify

This is a little bit more problematic, since in order to verify a JWT you need to verify the signature using your secret, if you want to verify at front-end then your secret needs to be available at the front-end, which is a major security issue, since it will probably be exposed to your users.

I personally am not aware of a way to store a secret at front-end without exposing it to your user.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.