JWT decode vs verify - Understanding which to use for token verification

Thank you for your clear explanation

What font are you using in the IDE?

How do you verify a client assertion JWT that has no secret with algorithm ECDSA?

what the fuck..... i knew it would be a shit video!

It really depends on the library you're using, for example if your using the PHP Firebase\JWT library to decode a token, then a key is an expected argument as its verifying the signature as well as decoding the payload in the same function.

You should check to make sure your library is verifying, as you may need to call verify manually.

liked ur vid for the last line.
freshers must pay attention on verify and not decode 🙂

thx bro very much, i was having problem of getting the id now bcs of of verify i can confirm if the user valid and get all info that i need

you have two account ??

Finally found an explanation.

I have a question, if I have my Microsoft VerifiedIds on a dot jwt how can I use them to log in into my accounts? I have the 13 words too for decrypt

Thanks

Concise, useful explanation. Keep it up!

Brother I have a doubt and I am new to this and cannot find an answer on Google.

I have multiple users in database and I am using thier unique email id and a secret to sign a token for each user.

And I am using this verify method to authorise a request. But any user token is working and I am able to delete any of the users using only any 1 of the tokens, doesn't matter if the token belongs to the user i want to delete or not.

How do I make sure that only the users unique token can be used to delete itself (the user deletes itself).

Hey, that's exactly what I'm looking for. I've a small doubt tho. I actually want to save a few user data in the local storage on the client side but i would like to keep it encrypted. The reason I want to do this is so that when the user opens the site on a new tab, i can check if a token is present in the browser, and if there is a token, i would like to send it to my backend to retrieve the payload and send back the relevant user details back to the client. Do you think using the verify function would be a good way to persist the login in new tabs.

Thanks for the video!! SUBSCRIBED

Nice video, Dillion. Thanks!

What if I want to make sure the token is VALID, that the token wasn't altered. Would Verify be enough?

Thanks for a such crisp explanation!

thnx man nice video really what I needed