- Home>
- access token
In this post, I am going to share a few things I have learned about JWT token. Specifically, I am going to go over the structure of a JWT and how you can trust the information in the token to be authentic by validating the signature.
If you are like me, you might have thought OAuth 2 is for both authentication and authorization. After all, the main OAuth 2 flows ( Authorization Code, Implicit, User Credentials ) all require a resource owner to authenticate against an authorization server. In this post, I’ll talk about some of the reasons I’ve learned why OAuth 2 is not for authentication.