Send mail via Google Apps Gmail using service account domain wide delegation in nodejs

So I was half-step close to the solution, the problem was that while creating const jwtClient = new google.auth.JWT(googleKey.client_email, null, googleKey.private_key, [‘https://www.googleapis.com/auth/gmail.send’], null); i did not mention the account to be impersonated. The correct initialization should be: const jwtClient = new google.auth.JWT(googleKey.client_email, null, googleKey.private_key, [‘https://www.googleapis.com/auth/gmail.send’], ‘user@domain.com’); To summarize, the correct steps are: Created a project … Read more

Get claims from a WebAPI Controller – JWT Token,

You should be able to retrieve a claims like this within your controller var identity = HttpContext.User.Identity as ClaimsIdentity; if (identity != null) { IEnumerable<Claim> claims = identity.Claims; // or identity.FindFirst(“ClaimName”).Value; } If you wanted, you could write extension methods for the IPrincipal interface and retrieve claims using the code above, then retrieve them using … Read more

JWT on .NET Core 2.0

Here is a full working minimal sample with a controller. I hope you can check it using Postman or JavaScript call. appsettings.json, appsettings.Development.json. Add a section. Note, Key should be rather long and Issuer is an address of the service: … ,”Tokens”: { “Key”: “Rather_very_long_key”, “Issuer”: “http://localhost:56268/” } … !!! In real project, don’t keep … Read more

Should JWT be stored in localStorage or cookie? [duplicate]

I like the XSRF Double Submit Cookies method which mentioned in the article that @pkid169 said, but there is one thing that article doesn’t tell you. You are still not protected against XSS because what the attacker can do is inject script that reads your CSRF cookie (which is not HttpOnly) and then make a … Read more

What is the maximum size of JWT token?

I’ve also been trying to find this. I’d say – try and ensure it’s below 7kb. Whilst JWT defines no upper limit in the spec (http://www.rfc-editor.org/rfc/rfc7519.txt) we do have some operational limits. As a JWT is included in a HTTP header, we’ve an upper limit (SO: Maximum on http header values) of 8K on the … Read more

tech