Jwan622

Reputation: 11639

JWT. Why is it better than OAuth and what's the signature?

I'm reading about JWT and I'm confused about why there's a signature:

JWT site

What is the purpose of the signature if it's just a hashed version of the header and payload?

Also, why not just use OAuth? Or whatever 2 factor auth uses?

Upvotes: 0

Views: 243

Answers (1)

pedrofb

Reputation: 39241

The purposes of OAuth2 and JWT are different, so it is not possible to compare them directly.

  • JWT is a compact way of representing claims to be transferred between two parties (JSON with digital signature).
  • OAuth2 is an authorization framework used by third-party applications (websites, mobile apps) to access resources on a resource server, without exposing the user's password. OAuth2 can use JWT as the exchanged token.

JWT is self-contained and does not need server sessions. The digital signature is performed with the server's private key and protects the content. Any alteration of the header, the payload or the signature will be detected by the server, which will reject the token.

Upvotes: 2
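
The tamper detection described in the answer above, as an added example that is not part of the original post: a token is signed with RS256 using Node's built-in `crypto`, then verified intact, with an altered payload, and with an unkeyed SHA-256 hash in place of the signature. The key pair, claims and function names (`signJwt`, `verifyJwt`, `withPayload`, `withPlainHash`) are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed key pair standing in for the server's signing key (assumption).
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const b64url = (buf) =>
  Buffer.from(buf).toString('base64').replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
const fromB64url = (s) => Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');

// Issue a token: base64url(header).base64url(payload).base64url(signature)
function signJwt(payload) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const signingInput = `${header}.${b64url(JSON.stringify(payload))}`;
  const signature = crypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${b64url(signature)}`;
}

// Return the claims when the signature verifies, otherwise null.
function verifyJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  try {
    // Pin the algorithm instead of trusting the token's own header.
    if (JSON.parse(fromB64url(h).toString('utf8')).alg !== 'RS256') return null;
    const ok = crypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey, fromB64url(s));
    return ok ? JSON.parse(fromB64url(p).toString('utf8')) : null;
  } catch {
    return null; // malformed base64/JSON or a signature the crypto layer refuses
  }
}

// Constructed tampering: new payload, original signature kept.
function withPayload(token, payload) {
  const [h, , s] = token.split('.');
  return `${h}.${b64url(JSON.stringify(payload))}.${s}`;
}

// Constructed tampering: new payload "signed" with an unkeyed SHA-256 hash.
function withPlainHash(token, payload) {
  const input = `${token.split('.')[0]}.${b64url(JSON.stringify(payload))}`;
  return `${input}.${b64url(crypto.createHash('sha256').update(input).digest())}`;
}

const token = signJwt({ sub: 'alice', role: 'user' });
const forged = { sub: 'alice', role: 'admin' };
console.log(verifyJwt(token));
console.log(verifyJwt(withPayload(token, forged)));
console.log(verifyJwt(withPlainHash(token, forged)));
```

The payload is only base64url-encoded, so anyone holding the token can read the claims; the signature provides integrity and authenticity, not confidentiality.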
