Golo Roden

Reputation: 150614

How is JWT related to OAuth?

I recently stumbled upon JSON Web Tokens (JWT), and as far as I have understood it, they are just a compact form of a token that can easily be serialized (as it is JSON).

Now, my question is: Are JWTs related to OAuth in any form, or are they two completely independent concepts?

Upvotes: 1

Views: 321

Answers (1)

Shaun the Sheep

Reputation: 22742

The OAuth2 spec doesn't actually require the use of JWTs, since it treats tokens as opaque, but they are a convenient standard for implementers to use. If you look at the OpenID Connect Specification, which builds on top of OAuth2 to provide an authentication system, then you'll find that it does make explicit use of JWTs, for example in the definition of the ID Token.

JWTs can also support signing and encryption in a standard way (see the accompanying JWE and JWS specs).

Upvotes: 1
