Inclusion Relation among JWS, JWE, JWT, ID Token and Access Token

Inclusion Relation JWS, JWE, JWT and ID Token
  • Both JWS (JSON Web Signature) and JWE (JSON Web Encryption) have two methods of serialization; “JSON” and “Compact”.
  • JWT (JSON Web Token) is either JWS or JWE. In either case, its serialization is “Compact” because the specification defines so.
  • By definition, ID Token is signed. Therefore, its format is either “JWS” or “JWE including JWS”.
  • ID Token never takes the form of “JWS including JWE”. It’s because when ID Token is encrypted, the order must be “signed then encrypted” as the specification requires so.
Inclusion Relation among Access Token, JWT and ID Token
  • Access Token is not always a JWT.
  • ID Token is always a JWT by definition.
  • Even if ID Token is used for access control, ID Token is not called Access Token.

References

--

--

--

Co-founder and representative director of Authlete, Inc., working as a software engineer since 1997. https://www.authlete.com/

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

ADPlug Agent

{UPDATE} 盆栽集集樂 Hack Free Resources Generator

Time to Release the Hounds — Cyber Policy and Ransomware

Cybersecurity-Courses, Admission and Careers in the US

Why The DOD Is Making Cybersecurity Maturity Evaluation Mandatory (And Why You Should Too)

Want to Learn Hacking? TryHackMe

The common misconceptions of blockchain-backed digital ID

5 takeaways from the 2017 GEOINT Symposium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Takahiko Kawasaki

Takahiko Kawasaki

Co-founder and representative director of Authlete, Inc., working as a software engineer since 1997. https://www.authlete.com/

More from Medium

SonarQube Pull Request Decoration with GitLab

How Docker can help us with cloud services integration testing

JS monorepos in prod 6: CI/CD, continuous integration and deployment with Travis CI

2 Approaches to Microservices Monitoring and Logging