JWS with the right claims / 401 Unauthorized with the correct message (nonexistent user / wrong password)

Participants: Client, Gateway, IDM.

[1] Request flow
Client -> Gateway: login request with the body
{
  "user": "test",
  "pass": "test"
}
Gateway -> IDM: forward the request.

[2] IDM login flow
1. Does the user exist?
   - no: return 401 with a body that states that the given username does not exist.
   - yes: grab the password hash associated with the user.
2. Check the given password against the stored password hash. Is the password correct?
   - no: return 401 with a body that states that the password is wrong.
   - yes: create a JWS with the according claims and return it to the user.
The user will then present the JWS on every request for authorization.

[3] Request authorization flow
1. Receive the request. Does a Bearer token exist?
   - no: 401 with a descriptive body.
2. Is the Bearer token (JWS) valid?
   - no: 401 with a descriptive body.
3. Is the token expired (exp claim)?
   - yes: 401 with a descriptive body.
4. Does the role fit the requested resource?
   - no: 403 with a descriptive body.
   - yes: return the resource.
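Flows [2] and [3] implemented end to end, as an added example that is not code from the diagram's source: a minimal HS256 compact JWS built from the Python standard library, with the signing key, PBKDF2 salt, user store, "user" role and 15-minute lifetime all constructed assumptions.

```python
import base64, hashlib, hmac, json
from typing import Optional

SECRET = b"demo-signing-key"  # constructed for the example; use a random key in deployments
def pw_hash(password: str) -> bytes:
    # PBKDF2 with a constructed fixed salt; a real store uses a per-user random salt
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000)
USERS = {"test": pw_hash("test")}  # constructed user store: username -> stored password hash

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_jws(claims: dict) -> str:
    """Compact JWS (HS256): base64url(header).base64url(claims).base64url(signature)."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def login(user: str, password: str, now: int) -> tuple:
    """Flow [2]: 401 for an unknown user, 401 for a wrong password, else 200 with a JWS."""
    if user not in USERS:
        return 401, {"error": "user does not exist"}
    if not hmac.compare_digest(pw_hash(password), USERS[user]):
        return 401, {"error": "wrong password"}
    return 200, {"token": make_jws({"sub": user, "role": "user", "exp": now + 900})}

def authorize(auth_header: Optional[str], required_role: str, now: int) -> tuple:
    """Flow [3]: bearer present -> signature valid -> not expired -> role fits, else 401/403."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return 401, {"error": "missing bearer token"}
    try:
        head, body, sig = auth_header[len("Bearer "):].split(".")
        header, claims, signature = json.loads(b64url_decode(head)), json.loads(b64url_decode(body)), b64url_decode(sig)
        if not isinstance(header, dict) or not isinstance(claims, dict):
            raise ValueError("JOSE header and claims must be JSON objects")
    except ValueError:  # covers bad base64 (binascii.Error), bad JSON and a wrong part count
        return 401, {"error": "malformed token"}
    expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    # Pin the algorithm: never let the token's own header pick "none" or another alg.
    if header.get("alg") != "HS256" or not hmac.compare_digest(expected, signature):
        return 401, {"error": "invalid token"}
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return 401, {"error": "token expired"}
    if claims.get("role") != required_role:
        return 403, {"error": "role not permitted for resource"}
    return 200, {"sub": claims["sub"]}
```

The two distinct 401 bodies follow the diagram; note that they tell a caller which usernames exist, so many deployments return one generic message for both login failures.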