
Oauth2 and JWT difference

I'm confused about this topic. I have been working with JWT authentication with a Node.js API, and I've heard about OAuth2; reading the documentation, OAuth2 can work with JWT. So my question is: should I use OAuth2 for my REST API that will be consumed by a React front-end application, or continue using JWT authentication?

So, if using OAuth2, how will the frontend handle this? Because I have seen that the REST API provides the Google provider login page, for example.

A JSON Web Token (JWT) is a means of encoding data so that it is protected from tampering (when the JWT is signed) and which can be easily used in HTTP (as it is encoded). So a JWT is a way of passing authentication and authorization data between different parties (for example your frontend app and API).

OAuth2 is a protocol for getting authorization. It describes ways in which a user can grant access to their resources to an application. So OAuth2 describes the process you have to implement so that your application can get, e.g., a JWT token.

Both OAuth2 and JWT are internet standards, so it is good to implement them.

If you currently obtain JWTs without implementing OAuth, I would strongly recommend switching to an OAuth flow. How exactly that is implemented depends on your infrastructure. If you want your frontend to perform a flow and obtain a JWT access token, you can use the implicit flow or the code flow with PKCE (the second one is recommended). If you need your backend to get a JWT to access some other API, then you can have your backend perform a code flow and associate the JWT with a user session.

Have a look at these API best practices to get some more ideas on how to tackle some of your problems.
