
Talk:JSON Web Token

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by SnowyMeadows (talk | contribs) at 19:05, 2 August 2018 (Propose merging criticism and vulnerabilities sections: Oops... meant SHA256 not SHA1). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
WikiProject JavaScript
This article is within the scope of WikiProject JavaScript, a collaborative effort to improve the coverage of articles related to JavaScript, and to the development of user scripts for use on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
This article has not yet received a rating on the importance scale.

Maintenance and rating of JavaScript articles

Concerning editing and maintaining JavaScript-related articles...

Collaboration...

If you are interested in collaborating on JavaScript articles or would like to see where you could help, stop by Wikipedia:WikiProject JavaScript and feel free to add your name to the participants list. Both editors and programmers are welcome.

Where to list JavaScript articles

We've found over 300 JavaScript-related articles so far. If you come across any others, please add them to that list.

User scripts

The WikiProject is also taking on the organization of the Wikipedia community's user script support pages. If you are interested in helping to organize information on the user scripts (or are curious about what we are up to), let us know!

If you have need for a user script that does not yet exist, or you have a cool idea for a user script or gadget, you can post it at Wikipedia:User scripts/Requests. And if you are a JavaScript programmer, that's a great place to find tasks if you are bored.

How to report JavaScript articles in need of attention

If you come across a JavaScript article desperately in need of editor attention, and it's beyond your ability to handle, you can add it to our list of JavaScript-related articles that need attention.

Rating JavaScript articles

At the top of the talk page of most every JavaScript-related article is a WikiProject JavaScript template where you can record the quality class and importance of the article. Doing so will help the community track the stage of completion and watch the highest priority articles more closely.

Thank you. The Transhumanist 01:10, 12 April 2017 (UTC)

Propose merging criticism and vulnerabilities sections

It looks like there are now two sections for vulnerabilities, which is a bit redundant and confusing. Also, I'm not sure if the statement about HMAC-SHA256 is supported. I've put a citation needed template around it for the time being, but it seems like a WP:EXTREME claim without at least an example (although a statement from a WP:RS is preferable).

@BrnVrn38: Pinging since you created the section

--Elephanthunter (talk) 19:13, 1 August 2018 (UTC)

I hesitated a lot, but there is a real difference between a vulnerability, a real failure ... and "just" criticisms, which are opinions: structured, argued, alternatives, valuable points of view, but still debatable.

These criticisms could be embedded in the text, but I fear they would upset some JWT enthusiasts. So I am not embarking on this alone.

As for the HMAC-SHA256, I added a link to Wikipedia's MAC definition. All MACs by definition use a secret key (vs. signatures, which use a public/private key).

Would you make a "Vulnerabilities" or a "Criticism" or a "Vulnerabilities & Criticism" or something else?

"Vulnerabilities and criticism" works well. Changed the ampersand to an "and" per MOS:AMP and changed the casing per MOS:HEAD. Um... but you can only generate a valid HMAC if you are in possession of the secret key. In the case of a JWT being handed to the browser, the browser would not have the secret key, so an HMAC could not be manipulated and regenerated. The words "totally insecure" still don't appear to apply. It is possible I am misunderstanding something though, so please if you have a WP:RS with an explanation of how JWT is totally insecure that would be helpful. It's also possible the explanation just needs reworded. --Elephanthunter (talk) 18:55, 2 August 2018 (UTC)