UsefulLinks
Computer Science
Other Tools and Technologies
OAuth and OIDC
1. Introduction to Secure Delegated Access
2. OAuth 2.0 Framework Fundamentals
3. OAuth 2.0 Protocol Endpoints
4. OAuth 2.0 Tokens
5. Scopes and Permissions
6. OAuth 2.0 Authorization Grants
7. OpenID Connect Identity Layer
8. JSON Web Tokens in OAuth and OIDC
9. Security Considerations and Threats
10. Advanced OAuth and OIDC Topics
11. OAuth 2.1 Evolution
12. Implementation Guidance
8.
JSON Web Tokens in OAuth and OIDC
8.1.
JWT Fundamentals
8.1.1.
Purpose in OAuth/OIDC
8.1.2.
Self-Contained Tokens
8.1.3.
Stateless Validation
8.2.
JWT Structure
8.2.1.
Three-Part Format
8.2.2.
Base64URL Encoding
8.2.3.
Dot Separation
8.3.
JWT Header
8.3.1.
Algorithm Specification
8.3.2.
Token Type Declaration
8.3.3.
Key Identification
8.4.
JWT Payload
8.4.1.
Claims Structure
8.4.2.
Registered Claims
8.4.2.1.
Issuer
8.4.2.2.
Subject
8.4.2.3.
Audience
8.4.2.4.
Expiration Time
8.4.2.5.
Not Before
8.4.2.6.
Issued At
8.4.2.7.
JWT ID
8.4.3.
Public Claims
8.4.4.
Private Claims
8.5.
JWT Signature
8.5.1.
Purpose and Function
8.5.2.
Signing Process
8.5.3.
Integrity Protection
8.5.4.
Tampering Detection
8.6.
Signing Algorithms
8.6.1.
Symmetric Algorithms
8.6.1.1.
HMAC with SHA-256
8.6.1.2.
Key Management
8.6.1.3.
Use Cases
8.6.2.
Asymmetric Algorithms
8.6.2.1.
RSA with SHA-256
8.6.2.2.
ECDSA with SHA-256
8.6.2.3.
Public Key Infrastructure
8.6.2.4.
Key Distribution
8.7.
JWT Validation Process
8.7.1.
Signature Verification
8.7.2.
Claim Validation
8.7.3.
Time-Based Checks
8.7.4.
Audience Verification
8.8.
JWT Security Considerations
8.8.1.
Algorithm Confusion Attacks
8.8.2.
Key Management
8.8.3.
Token Lifetime
8.8.4.
Sensitive Information Exposure
Previous
7. OpenID Connect Identity Layer
Go to top
Next
9. Security Considerations and Threats