
JWT Authentication in the context of JAX-RS REST service

jwt

#1

I need to perform JWT authentication as a part of my assignment. I have gone through the concept of JWT [https://jwt.io/introduction/]. I have a few queries on how to make use of JWT in the context of a REST service.

Consider only one client (consumer) and its associated server (producer).

Is it required that the provider has to create a JWT token and send it to the consumer?
Or, as another approach, the server creates a secret key and shares it with the client. The client will construct the JWT and use the secret key while generating the signature. The constructed JWT will be sent to the server. At the server end, the server will verify the JWT using the secret key.
Should the claims include the entire request payload, or are they just for authentication?
Your suggestions will be a great help… Thank you in advance.


#2

What you describe seems to be a highly custom approach for issuing the access tokens and validating them; the recommendation would be to restrict your usage to standard patterns based on clearly defined protocols already well-supported by libraries. In the case of API authorization based on access tokens (which can be JWT) that would mean the use of OAuth 2.0 flows to obtain the access token.

You should read: https://auth0.com/docs/api-auth
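
An added example, not part of the thread and not Auth0's own code: the API side of the access-token pattern discussed above, as a JAX-RS filter that validates a bearer JWT before any resource method runs. It assumes the `com.auth0:java-jwt` library, HS256 signing, a secret in the hypothetical `API_JWT_SECRET` environment variable, and placeholder issuer and audience URLs.

```java
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

@Provider
@Priority(Priorities.AUTHENTICATION)
public class BearerTokenFilter implements ContainerRequestFilter {
    // Assumed values: env var name, issuer and audience are placeholders.
    // The algorithm is pinned here, so the token's own "alg" header cannot
    // pick a different (or no) signature check. A missing secret fails at startup.
    private final JWTVerifier verifier = JWT
            .require(Algorithm.HMAC256(System.getenv("API_JWT_SECRET")))
            .withIssuer("https://issuer.example/")
            .withAudience("https://api.example/")
            .build();

    @Override
    public void filter(ContainerRequestContext ctx) {
        String header = ctx.getHeaderString(HttpHeaders.AUTHORIZATION);
        if (header == null || !header.regionMatches(true, 0, "Bearer ", 0, 7)) {
            reject(ctx);
            return;
        }
        try {
            // verify() checks signature, issuer, audience, and exp/nbf when present.
            String subject = verifier.verify(header.substring(7).trim()).getSubject();
            ctx.setProperty("auth.subject", subject); // readable by resource methods
        } catch (JWTVerificationException e) {
            reject(ctx); // malformed, bad signature, expired, wrong issuer/audience
        }
    }

    private static void reject(ContainerRequestContext ctx) {
        ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                .header(HttpHeaders.WWW_AUTHENTICATE, "Bearer")
                .build());
    }
}
```

In this example the token travels in the `Authorization` header and carries only identity claims; the request payload stays in the HTTP body and is never read by the filter.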


#3