JWT RS256 public key in single-page React web app


A single-page React web app receives signed JSON Web Tokens from an authentication server. The signing algorithm is RS256, i.e. using public and private keys. The private key resides on the server. Traffic between the React app and the authentication server is over SSL.
The public key used by the web app to verify the contents and signature of the received JWT is visible in the HTML/JS source of the web application.
Currently, the JWT is not encrypted, merely signed.
Questions:
Is it a standard/reasonably-acceptable practice to leave JWTs unencrypted, relying on SSL for protection?
If not, how would one decrypt a JWE-encrypted token in a React app where the guts and content of the app are clearly visible, with no place to hide a decryption key/secret?
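
The setup described in the question, as an added example that is not part of the original post: an RS256 token is signed with the private key, its claims are read without any key, and verification with the public key rejects a token whose payload was changed. It uses Node's built-in `crypto` module for both roles; the function names, key pair and claims are constructed for illustration.

```javascript
// Added example: Node's built-in crypto module plays both server and client.
const nodeCrypto = require('crypto');
const b64url = (input) => Buffer.from(input).toString('base64url');

// Server side: RS256 = RSASSA-PKCS1-v1_5 with SHA-256 over "header.payload".
function signRs256(claims, privateKey) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const signingInput = header + '.' + b64url(JSON.stringify(claims));
  const sig = nodeCrypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return signingInput + '.' + sig.toString('base64url');
}

// A signed token is not confidential: the payload is only base64url-encoded.
function readClaimsWithoutKey(token) {
  return JSON.parse(Buffer.from(token.split('.')[1], 'base64url').toString('utf8'));
}

// Client side: returns the claims if the signature verifies, otherwise null.
function verifyRs256(token, publicKey) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  let header;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  } catch (e) {
    return null;
  }
  // Pin the algorithm rather than trusting what the token header announces.
  if (!header || header.alg !== 'RS256') return null;
  const ok = nodeCrypto.verify('RSA-SHA256', Buffer.from(parts[0] + '.' + parts[1]),
    publicKey, Buffer.from(parts[2], 'base64url'));
  return ok ? readClaimsWithoutKey(token) : null;
}

// Changing a claim without the private key leaves a stale signature behind.
function withModifiedRole(token, role) {
  const [h, , s] = token.split('.');
  const claims = { ...readClaimsWithoutKey(token), role };
  return [h, b64url(JSON.stringify(claims)), s].join('.');
}

// Constructed sample data: throwaway key pair and made-up claims.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const token = signRs256({ sub: 'user-123', role: 'viewer' }, privateKey);
console.log(readClaimsWithoutKey(token));
console.log(verifyRs256(token, publicKey));
console.log(verifyRs256(withModifiedRole(token, 'admin'), publicKey));
```

In a browser the same verification would go through the Web Crypto API rather than Node's `crypto` module.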
