By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
463,119 Members | 610 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 463,119 IT Pros & Developers. It's quick & easy.

JWT with OAuth

P: 7
How to use JWT with OAuth?
2 Weeks Ago #1
Share this Question
Share on Google+
2 Replies

SwissProgrammer
100+
P: 104
JWT (JASON Web Tokens) uses a digital signature, and I have found (the common use of) this to be insecure. Example: tokens can be intercepted.

OAuth (adding a defined protocol), if you use it with your own self-coded, custom, authentication scheme is much better, but in this case it's security depends upon your own addition to it.

How to use?
To maximize your security, you should code an addition to OAuth or you should one-time-pad encrypt your tokens. Example: Server-Side has a bank of OTPs (for that one single customer) and Client-Side has the same bank of OTPs. Supply the Client-Side directly (in-person) to your clients with your own coded custom installation software.
or
Use OAuth without a standard JWT (write your own) and use the OTP process as described above.
If you are looking into OAuth and (which can use) JWT then you might have need of, or interest in, security. The actual security is up to you and there is no commonly known encryption that even comes close to OTPs. Example: OTPs can not be mathematically or computationally broken down into a mathematical or computational process.
1 Week Ago #2

P: 7
This is really helpful thanks :)
1 Week Ago #3

Post your reply

Sign in to post your reply or Sign up for a free account.