OAuth and OIDC
JSON Web Tokens in OAuth and OIDC
JWT Fundamentals
Purpose in OAuth/OIDC
Self-Contained Tokens
Stateless Validation
JWT Structure
Three-Part Format
Base64URL Encoding
Dot Separation
JWT Header
Algorithm Specification
Token Type Declaration
Key Identification
JWT Payload
Claims Structure
Registered Claims
Issuer
Subject
Audience
Expiration Time
Not Before
Issued At
JWT ID
Public Claims
Private Claims
JWT Signature
Purpose and Function
Signing Process
Integrity Protection
Tampering Detection
Signing Algorithms
Symmetric Algorithms
HMAC with SHA-256
Key Management
Use Cases
Asymmetric Algorithms
RSA with SHA-256
ECDSA with SHA-256
Public Key Infrastructure
Key Distribution
JWT Validation Process
Signature Verification
Claim Validation
Time-Based Checks
Audience Verification
JWT Security Considerations
Algorithm Confusion Attacks
Key Management
Token Lifetime
Sensitive Information Exposure