Inclusion Relation among JWS, JWE, JWT, ID Token and Access Token

Inclusion Relation among JWS, JWE, JWT and ID Token
  • Both JWS (JSON Web Signature) and JWE (JSON Web Encryption) have two methods of serialization: “JSON” and “Compact”.
  • JWT (JSON Web Token) is either JWS or JWE. In either case, its serialization is “Compact” because the specification defines it so.
  • By definition, ID Token is signed. Therefore, its format is either “JWS” or “JWE including JWS”.
  • ID Token never takes the form of “JWS including JWE”, because when ID Token is encrypted, the order must be “signed then encrypted”, as the specification requires.
Inclusion Relation among Access Token, JWT and ID Token
  • Access Token is not always a JWT.
  • ID Token is always a JWT by definition.
  • Even if ID Token is used for access control, ID Token is not called Access Token.
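
The relations above can be checked from a token's structure. The following Python sketch is an added example, not code from the original article or from Authlete: it labels a token by its serialization (three dot-separated parts for JWS Compact, five for JWE Compact) and tests whether it has one of the two forms an ID Token may take. The function names, labels and sample tokens are constructed for illustration; nesting is recognised by the `cty` header value `JWT` (RFC 7519), and nothing is verified or decrypted.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def header_of(segment: str) -> dict:
    """Decode the first segment of a compact serialization into its JOSE header."""
    raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    header = json.loads(raw)
    if not isinstance(header, dict) or "alg" not in header:
        raise ValueError("not a JOSE header")
    return header

def classify(token: str) -> str:
    """Label a token by structure only (hypothetical labels)."""
    if token.lstrip().startswith("{"):
        return "json-serialization"      # JWS/JWE JSON form: never a JWT
    parts = token.split(".")
    try:
        header = header_of(parts[0])
    except ValueError:                   # bad base64, bad UTF-8 or bad JSON
        return "opaque"                  # e.g. a random-string access token
    nested = str(header.get("cty", "")).upper() == "JWT"
    if len(parts) == 3 and "enc" not in header:
        return "jws-wrapping-jwt" if nested else "jws"
    if len(parts) == 5 and "enc" in header:
        return "jwe-wrapping-jwt" if nested else "jwe"
    return "opaque"

def has_id_token_shape(token: str) -> bool:
    """True for "JWS" or "JWE including JWS"; "JWS including JWE" is rejected."""
    return classify(token) in ("jws", "jwe-wrapping-jwt")

# Constructed samples: placeholder signatures and ciphertexts, not real tokens.
def sample(header: dict, segments: int) -> str:
    head = b64url(json.dumps(header).encode())
    return ".".join([head] + [b64url(b"x")] * (segments - 1))

SIGNED = sample({"alg": "RS256"}, 3)
SIGNED_THEN_ENCRYPTED = sample({"alg": "RSA-OAEP", "enc": "A256GCM", "cty": "JWT"}, 5)
ENCRYPTED_THEN_SIGNED = sample({"alg": "RS256", "cty": "JWT"}, 3)
OPAQUE_ACCESS_TOKEN = "c0ffee5a1ad0c0ffee5a1ad0c0ffee5a"

if __name__ == "__main__":
    for name in ("SIGNED", "SIGNED_THEN_ENCRYPTED", "ENCRYPTED_THEN_SIGNED", "OPAQUE_ACCESS_TOKEN"):
        tok = globals()[name]
        print(f"{name:24} {classify(tok):18} id_token_shape={has_id_token_shape(tok)}")
```

A token that passes `has_id_token_shape` still has to have its signature and claims validated before it is trusted as an ID Token.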


Co-founder and representative director of Authlete, Inc., working as a software engineer since 1997. https://www.authlete.com/

Takahiko Kawasaki