JWT
What is JSON Web Token?
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and
self-contained way for securely transmitting information between parties as a JSON object. T
his information can be verified and trusted because it is digitally signed.
JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.
Although JWTs can be encrypted to also provide secrecy between parties, we will focus
on signed tokens. Signed tokens can verify the integrity of the claims contained within it,
while encrypted tokens hide those claims from other parties. When tokens are signed using public/private key pairs,
the signature also certifies that only the party holding the private key is the one that signed it.
OAuth 2.0
OAuth 2.0 logoOAuth 2.0 is the industry-standard protocol for authorization.
OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications,
desktop applications, mobile phones, and living room devices. This specification and its
extensions are being developed within the IETF OAuth Working Group.
Protocols Built on OAuth 2.0
OpenID Connect (OpenID Foundation)