Reputation: 1689
From what I understand, OAuth is the overall flow and JWT is just one format that can be used to pass the tokens between the client and the server. Is this understanding correct?
Upvotes: 1
Views: 1449
Reputation: 49
In short, JWT allows you to access the resources you want without explicitly going through an authentication procedure, meaning that your authentication data is sent in a token in the header of your HTTP request. This token will then be verified and, if everything goes right, you access the data; otherwise (if the TTL is surpassed or if the token contains invalid data), you are asked to give your credentials in order to create a new token that you will need to send to the API in every HTTP request.
So generally in an application we:
1. Authenticate the user.
2. When the credentials are correct, we allow him to log in to the application while creating a JWT token from the correct credentials that the user provided.
3. We send the JWT token to the user.
4. The user saves the token in a cookie or in the header of every HTTP request he sends.
5. The user doesn't need to authenticate by explicitly giving his credentials; he just needs to send the JWT token in the header of his HTTP request every time he logs in to the application.
Upvotes: 3
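The issue/verify cycle described in the answer above, as an added example that is not part of the original answer: a minimal HS256 JWT issued at login, then checked on every request for structure, expected algorithm, signature and TTL (the secret, subject and timestamps are constructed for the demo, and `handle_request` is a stand-in for the API's request handler).

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # assumption: server-side HMAC key, never sent to the client

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_jwt(subject: str, ttl_seconds: int, now: int) -> str:
    # Steps 2-3: after credentials check out, mint a signed token with a TTL (exp claim).
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "iat": now, "exp": now + ttl_seconds}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def verify_jwt(token: str, now: int) -> dict:
    # Server-side check on every request: structure, algorithm, signature, then TTL.
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        sig = _b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return {"ok": False, "reason": "malformed"}
    # Pin the algorithm the server expects; never trust the token's own "alg" (e.g. "none").
    if header.get("alg") != "HS256":
        return {"ok": False, "reason": "unexpected alg"}
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return {"ok": False, "reason": "bad signature"}
    try:
        payload = json.loads(_b64url_decode(payload_b64))
    except ValueError:
        return {"ok": False, "reason": "malformed"}
    exp = payload.get("exp")
    if exp is None or now >= exp:  # TTL surpassed: client must log in again for a new token
        return {"ok": False, "reason": "expired"}
    return {"ok": True, "sub": payload.get("sub")}

def handle_request(authorization_header, now: int) -> dict:
    # Steps 4-5: the client sends "Authorization: Bearer <jwt>" instead of credentials.
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return {"ok": False, "reason": "missing token"}
    return verify_jwt(authorization_header[len("Bearer "):], now)
```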
Reputation: 39241
It is basically correct. OAuth2 is an authorization framework used by third-party applications (websites, mobile apps) to access resources on a resource server without exposing the user's password. JWT is a compact way of representing claims to be transferred between two parties (JSON with a digital signature). OAuth2 can use JWT as the exchanged token: for client authentication (e.g. using the JWT Profile), as an access token (RFC7800) or, when used in an OpenID Connect context, as an ID Token.
Check this http://www.seedbox.com/en/blog/2015/06/05/oauth-2-vs-json-web-tokens-comment-securiser-un-api/
Upvotes: 2