Difference between revisions of "JOSE"
From MgmtWiki
(→Other reference material) |
|||
Line 16: | Line 16: | ||
===Other reference material=== | ===Other reference material=== | ||
# [https://static.javadoc.io/com.nimbusds/nimbus-jose-jwt/6.0/overview-summary.html#overview.description Nimbus JOSE + JWT v6.0] is an open source java library | # [https://static.javadoc.io/com.nimbusds/nimbus-jose-jwt/6.0/overview-summary.html#overview.description Nimbus JOSE + JWT v6.0] is an open source java library | ||
+ | # [https://tools.ietf.org/html/rfc7516 JWE - Json Web Encription] | ||
# [https://blog.angular-university.io/angular-jwt/ JWT: The Complete Guide to JSON Web Tokens] from the folks that brought you angular. | # [https://blog.angular-university.io/angular-jwt/ JWT: The Complete Guide to JSON Web Tokens] from the folks that brought you angular. | ||
# RFC 6749 The OAuth 2.0 Authorization Framework specification | # RFC 6749 The OAuth 2.0 Authorization Framework specification |
Revision as of 11:40, 22 October 2019
Full Title
JSON Web Token (JWT) --
Context
In OAuth 2.0 and other specs from the Open ID Foundation, there was a need for a small packed of identity information that could be coded and include in a HTTP header.
Problems
- The existing specs at the time the JWT was created were XML and SAML which were very wording and not amenable to coding in an HTTP header.
Solutions
- The RFC definition of the JSON Web Token (JWT). The abstract from the spec
JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.
- Justin Richer has some suggestions.[1]
References
- ↑ Justin Richer, Moving On from OAuth 2: A Proposal. https://medium.com/@justinsecurity/moving-on-from-oauth-2-629a00133ade
Other reference material
- Nimbus JOSE + JWT v6.0 is an open source java library
- JWE - Json Web Encription
- JWT: The Complete Guide to JSON Web Tokens from the folks that brought you angular.
- RFC 6749 The OAuth 2.0 Authorization Framework specification
- RFC 8252 OAuth 2.0 for Native Apps Specification