OAuth2 vs JWT

TL:DR 两者并无可比性. OAuth2 可以利用 JWT 作为 bearer token. OAuth2 包含的东西更多.

JWT is an authentication protocol

This means it is a strict set of instructions for the issuing and validating of signed access tokens. The tokens contain claims that are used by an app to limit access to a user.

OAuth2 is an authentication framework

OAuth2 on the other hand is a framework, think very detailed guideline, for letting users and applications authorize specific permissions to other applications in both private and public settings.

Ref

OAuth 2 VS JSON Web Tokens: How to secure an API - Seedbox Technologies | Les Technologies Seedbox

Show Comments