Reputation: 403
I'm confused about this topic. I have been working with JWT authentication with a Node.js API, and I've heard about OAuth2. Reading the documentation, OAuth2 can work with JWT, so my question is: should I use OAuth2 for my REST API that will be consumed by a React front-end application, or continue using JWT authentication?
So, if using OAuth2, how will the frontend handle this? Because I have seen that the REST API provides the Google provider login page, for example.
Upvotes: 1
Views: 1949
Reputation: 12322
A JSON Web Token (JWT) is a means of encoding data so that it is protected from tampering (when the JWT is signed) and which can be easily used in HTTP (as it is encoded). So a JWT is a way of passing authentication and authorization data between different parties (for example your frontend app and API).
OAuth2 is a protocol for getting authorization. It describes ways of how a user can grant access to their resources to an application. So OAuth2 describes the process you have to implement so that your application can get, e.g. a JWT token.
Both OAuth2 and JWT are internet standards, so it is good to implement them.
If you currently obtain JWTs without implementing OAuth, I would strongly recommend switching to an OAuth flow. How exactly that is implemented depends on your infrastructure. If you want your frontend to perform a flow and obtain a JWT access token, you can use the implicit flow or the code flow with PKCE (the second one is recommended). If you need your backend to get a JWT to access some other API, then you can have your backend perform a code flow and associate the JWT with a user session.
Have a look at these API best practices to get some more ideas on how to tackle some of your problems.
Upvotes: 5
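The PKCE part of the code flow recommended in the answer above, as an added example that is not part of the original question or answer: the frontend creates a one-time `code_verifier`, sends only its SHA-256 `code_challenge` in the authorization redirect, and the authorization server checks the verifier when the code is exchanged for a token (RFC 7636). The endpoint, client ID and redirect URI are constructed placeholders, and the function names are illustrative.

```javascript
const crypto = require('node:crypto');

// Client: high-entropy, single-use secret kept by the app (32 bytes -> 43 chars).
function createCodeVerifier() {
  return crypto.randomBytes(32).toString('base64url');
}

// code_challenge = BASE64URL(SHA-256(code_verifier)), the "S256" method.
function codeChallengeS256(verifier) {
  return crypto.createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Client, step 1: URL the frontend redirects the user to.
// Only the challenge leaves the app; the verifier stays local until the token request.
function buildAuthorizationUrl({ authorizeEndpoint, clientId, redirectUri, scope, state, verifier }) {
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    state, // random value the app checks on return to reject forged callbacks
    code_challenge: codeChallengeS256(verifier),
    code_challenge_method: 'S256',
  }).toString();
  return url.toString();
}

// Authorization server, step 2: on the token request, recompute the challenge from
// the presented verifier and compare it with the one stored alongside the code.
function verifierMatchesChallenge(verifier, storedChallenge) {
  // RFC 7636 section 4.1: 43-128 characters from the unreserved set.
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(verifier)) return false;
  const a = Buffer.from(codeChallengeS256(verifier));
  const b = Buffer.from(storedChallenge);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed sample values (placeholders, not a real provider).
const demoVerifier = createCodeVerifier();
console.log(buildAuthorizationUrl({
  authorizeEndpoint: 'https://auth.example.com/authorize',
  clientId: 'demo-spa',
  redirectUri: 'https://app.example.com/callback',
  scope: 'openid profile',
  state: crypto.randomBytes(16).toString('base64url'),
  verifier: demoVerifier,
}));
```

An intercepted authorization code is useless without the verifier, which is why this flow suits a browser app that cannot hold a client secret.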