P. SiriwardenaAdvanced API Securityhttps://doi.org/10.1007/978-1-4842-2050-4_8

8. Message-Level Security with JSON Web Encryption

Prabath Siriwardena¹

(1)

San Jose, CA, USA

In Chapter 7, we discussed in detail the JWT (JSON Web Token) and JWS (JSON Web Signature) specifications. Both of these specifications are developed under the IETF JOSE working group. This chapter focuses on another prominent standard developed by the same IETF working group for encrypting messages (not necessarily JSON payloads): JSON Web Encryption (JWE). Like in JWS, JWT is the foundation for JWE. The JWE specification standardizes the way to represent an encrypted content in a JSON-based data structure. The JWE¹ specification defines two serialized ...

Get Advanced API Security: OAuth 2.0 and Beyond now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Advanced API Security: OAuth 2.0 and Beyond by Prabath Siriwardena

8. Message-Level Security with JSON Web Encryption

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly