I need to perform JWT authentication as a part of my assignment. I have gone through the concept of JWT [https://jwt.io/introduction/]. I have few queries on how to make use of JWT in the context of a REST service.
Consider only one client (consumer) associated server (producer)
Is it required that Provider has to create a JWT token and send it to consumer
Or another approach is Server create a secret key and share it with the client. Client will construct the JWT and uses the secret key while generating the signature. And constructed JWT will be sent to the server. At server end server will verify the JWT using the secret key.
Do claims should include the entire request payload ? or it is just for authentication ?
Your suggestions will be great help… Thank you in advance.