Tag Archives: jwt

Creating Secure Password Resets With JSON Web Tokens

When a user of your application has forgotten their password, it can and should be reset securely. To accomplish a secure password reset, I will demonstrate how to use JSON Web Tokens (JWT) to generate a URL-safe token. The JWT contains encoded information about the user and a signature that is validated when the token is decoded, to ensure that the token has not been tampered with.


Once the JWT is validated, your application can securely allow the user to generate a new password, instead of sending them their forgotten one.

The post Creating Secure Password Resets With JSON Web Tokens appeared first on Smashing Magazine.
