15 OAuth 2: Using JWT and cryptographic signatures

This chapter covers

  • Validating tokens using cryptographic signatures

  • Using JSON Web Tokens in the OAuth 2 architecture

  • Signing tokens with symmetric and asymmetric keys

  • Adding custom details to a JWT

In this chapter, we’ll discuss using JSON Web Tokens (JWTs) for token implementation. You learned in chapter 14 that the resource server needs to validate tokens issued by the authorization server. And I told you three ways to do this:

  • Using direct calls between the resource server and the authorization server, which we implemented in section 14.2

  • Using a shared database for storing the tokens, which we implemented in section 14.3

  • Using cryptographic signatures, which we’ll discuss ...
