stackoom
  简体   繁体   中英

Should I use the JWT token in the OAuth2 for Delivering a Secure API

 原文  2018-09-21 06:01:16       reactjs/ scala/ security/ oauth-2.0/ jwt

Question

I am developing the web application using ReactJS(Front-end UI) and Scala(Back-end API). I have implemented the backend services as microservices.

Here I have integrated OAuth2 authorization framework and used OAuth Access Tokens. After user authentication, I am passing the OAuth access tokens in every sub sequent request headers.

I did see in some website links, we should use JWT token in the OAuth2 flow instead of "OAuth access tokens" to delivering a Secure API.

Should I integrate JWT token in the existing OAuth2? Please share your suggestions. Thanks.

1 answers

solution1
 2  2018-09-21 10:06:14

OAuth2 ia an authorization protocol and does not dictate the format of the access_token so you could return a JWT from the authorization server containing the scope/permissions and the expiration.

Would recommend to go through this https://auth0.com/blog/ten-things-you-should-know-about-tokens-and-cookies/#token-oauth

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Secure login with Jwt or oAuth? How can I store and secure my JWT token in react application Where should I store my JWT in 2019 and is the localStorage really not secure? Spring OAuth2 authentication with token How can i send jwt token to client after OAuth autherization? Spring + Oauth2 + JWT+ Websocket Can I use the userId intead of the jwt token? how do i use a jwt token? When I use Discord OAuth2 I am getting error 400. How can I make this return the access_token correctly? Is there a quick option to save the JWT token secure?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM