JWT Authentication in the context of JAX-RS REST service

skalle.tech · December 4, 2017, 11:46pm

I need to perform JWT authentication as a part of my assignment. I have gone through the concept of JWT [JSON Web Token Introduction - jwt.io]. I have few queries on how to make use of JWT in the context of a REST service.

Consider only one client (consumer) associated server (producer)

Is it required that Provider has to create a JWT token and send it to consumer
?
Or another approach is Server create a secret key and share it with the client. Client will construct the JWT and uses the secret key while generating the signature. And constructed JWT will be sent to the server. At server end server will verify the JWT using the secret key.
Do claims should include the entire request payload ? or it is just for authentication ?
Your suggestions will be great help… Thank you in advance.

jmangelo · December 5, 2017, 9:32pm

What you describe seems to be a highly custom approach for issuing the access tokens and validating them; the recommendation would be to restrict your usage to standard patterns based on clearly defined protocols already well-supported by libraries. In the case of API authorization based on access tokens (which can be JWT) that would mean the use of OAuth 2.0 flows to obtain the access token.

You should read: Authentication and Authorization Flows

Topic		Replies	Views
Advisability of using a JWT with a custom implementation for token issuance? JWT.io jwt , architecture	4	5241	March 2, 2018
Java-jwt - How to supply RSA keys? Help	2	1426	June 20, 2023
JWT best practice and understanding JWT.io	4	2743	March 19, 2022
Diagram & explanation of using a separate Authentication Server from Resource Server JWT.io	0	317	May 29, 2024
How does one deal with JWT Token Validation from a Javascript client in a Servlet Filter w/o Spring? Help javascript , java-ee , servlet	1	4504	March 2, 2018

JWT Authentication in the context of JAX-RS REST service

Related topics