hemant

Reputation: 371

Why do we have two classes for JWT tokens: JwtSecurityTokenHandler vs JsonWebTokenHandler?

It's always confusing, and there is no mention of which is the better one to use. I personally prefer JsonWebTokenHandler, as it has a more appropriate return type for ValidateToken.

The difference in namespace is Microsoft.IdentityModel.JsonWebTokens vs System.IdentityModel.Tokens.Jwt, which is also quite similar?

Any guidelines available?

Upvotes: 14

Views: 9378

Answers (1)

Micro Solution

Reputation: 171

JsonWebTokenHandler is the new and improved version.

See: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/945

brentschmaltz wrote:

JwtSecurityTokenHandler was modeled after the existing System.IdentityModel.SecurityTokenHandler. There were some compromises that we had to make, such as using System.Security.ClaimsIdentity as the type to build the JWS or JWE when using SecurityTokenDescriptor. ValidateToken had an out parameter of type SecurityToken, which doesn't work for async. A ClaimsPrincipal was returned, sometimes using claim type mapping to build the claims. This new model is much lighter weight and works with native Json.Net objects. We plan on layering on top, so that you can get back to the existing types, but we will allow users to control what is returned using injection and delegates.

We saw performance improvements of up to 100% in some scenarios.

Upvotes: 16
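Added example (not part of the question, the answer, or the IdentityModel project's code): the same token validated with both handlers, showing the return-type and claim-mapping differences the quoted comment describes, and the failure path where the old handler throws while the new one returns a result the caller must check. The key, issuer and audience values are constructed, and the default behaviours noted in the comments are assumptions to confirm against the package version you deploy.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;

// Constructed demo values (assumptions, not from the page).
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("constructed-demo-key-at-least-32-bytes!"));
TokenValidationParameters For(string audience) => new()
{
    ValidIssuer = "https://issuer.example",
    ValidAudience = audience,
    IssuerSigningKey = key
};

var newHandler = new JsonWebTokenHandler();
var oldHandler = new JwtSecurityTokenHandler();
string jwt = newHandler.CreateToken(new SecurityTokenDescriptor
{
    Issuer = "https://issuer.example",
    Audience = "demo-api",
    Subject = new ClaimsIdentity(new[] { new Claim("sub", "alice") }),
    Expires = DateTime.UtcNow.AddMinutes(5),
    SigningCredentials = new SigningCredentials(key, SecurityAlgorithms.HmacSha256)
});

// Old handler: ClaimsPrincipal plus an out parameter, and (by default) inbound claim
// type mapping, so "sub" arrives under the long ClaimTypes.NameIdentifier URI.
ClaimsPrincipal principal = oldHandler.ValidateToken(jwt, For("demo-api"), out SecurityToken _);
Console.WriteLine(string.Join(", ", principal.Claims.Select(c => c.Type)));

// New handler: awaitable, returns TokenValidationResult, claim types stay as in the JWT by default.
TokenValidationResult ok = await newHandler.ValidateTokenAsync(jwt, For("demo-api"));
Console.WriteLine($"{ok.IsValid}: {string.Join(", ", ok.ClaimsIdentity.Claims.Select(c => c.Type))}");

// Failure mode: wrong audience. The old handler throws...
try { oldHandler.ValidateToken(jwt, For("other-api"), out SecurityToken _); }
catch (SecurityTokenException ex) { Console.WriteLine($"old handler threw {ex.GetType().Name}"); }

// ...the new handler does not throw: the caller must check IsValid before trusting anything.
TokenValidationResult bad = await newHandler.ValidateTokenAsync(jwt, For("other-api"));
if (!bad.IsValid)
    Console.WriteLine($"new handler rejected: {bad.Exception?.GetType().Name}");
```

When migrating, code that relied on the old handler's exception to reject a token needs an explicit `IsValid` check, and authorization logic keyed on mapped claim types (such as `ClaimTypes.NameIdentifier`) needs to be reviewed against the unmapped names.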
