Hi John
Moving it to the OAuth list as suggested
On 10/11/14 18:39, John Bradley wrote:
JWT is an OAuth spec for historic reasons, so it might be best to discuss this
on that list.
Are you talking about an unsigned JWT?
No, just a complete JSON representation
JWT currently only supports the compact form. For access tokens that allows
them to be passed in headers without additional escaping.
I would need to see a use case before adding the JSON encoding to JWT.
Nothing stops someone from using a JSON encoded JWS with a set of claims in the
body, but that is not by definition a JWT on the wire.
They can be converted between the two forms programmatically.
I do not have any major use case in mind. Right now I have something
called a JAX-RS MessageBodyWriter/Reader for a Jwt token, and internally
it converts it to the compact Jws or reads from it.
It just occurred to me, what if Jwt simply acts as a basic standardized
data container, so on the wire it is just a JSON document.
Or if we have an access JWT token, right now it would be JWS-compacted,
but if we had a JSON form then another option would be to have a
base64URL representation of JWT as a token (though I haven't thought
about the integrity protection of it...).
Or maybe it would be easier to store such JWT in JSON in JSON-aware
databases...
Sorry, just thinking aloud here while experimenting...
Cheers, Sergey
John B.
On Nov 10, 2014, at 8:26 AM, Sergey Beryozkin <sberyoz...@gmail.com> wrote:
Hi All,
Would it make sense to have a JWT spec talk about its JSON representation,
example:
{
"headers": {...},
"claims": {...}
}
IMHO it might be interesting in cases where JWT is an access token passed over
the secure channel or simply used as a standard data/token container
Sergey
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
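Added example, not part of the original thread and not code from either poster: the conversion between the compact form and a JSON-encoded JWS mentioned above, using the flattened JWS JSON Serialization of RFC 7515, with an HS256 check that speaks to the integrity question raised in the reply. The key, claims and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_compact(claims: dict, key: bytes) -> str:
    """Build a compact JWS (header.payload.signature) carrying JWT claims."""
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64u(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64u(sig)}"

def compact_to_json(token: str) -> dict:
    """Compact form -> flattened JSON form; the base64url segments are reused as-is."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return dict(zip(("protected", "payload", "signature"), parts))

def json_to_compact(jws: dict) -> str:
    """Flattened JSON form -> compact form, only when nothing would be lost."""
    if "header" in jws or "signatures" in jws:
        raise ValueError("unprotected header or multiple signatures: no compact equivalent")
    return ".".join((jws["protected"], jws["payload"], jws["signature"]))

def verify_json(jws: dict, key: bytes) -> dict:
    """Verify a flattened JSON JWS and return its claims; only HS256 is accepted."""
    header = json.loads(b64u_dec(jws["protected"]))
    if header.get("alg") != "HS256":  # rejects "none" and any unexpected algorithm
        raise ValueError("unexpected alg")
    # The signing input is the same byte string in both serializations.
    signing_input = f'{jws["protected"]}.{jws["payload"]}'.encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_dec(jws["signature"])):
        raise ValueError("signature mismatch")
    return json.loads(b64u_dec(jws["payload"]))

KEY = b"constructed-demo-key"  # constructed sample key
CLAIMS = {"iss": "https://as.example", "sub": "alice", "scope": "read"}  # constructed claims

if __name__ == "__main__":
    as_json = compact_to_json(sign_compact(CLAIMS, KEY))
    print(json.dumps(as_json, indent=2))
    print(verify_json(as_json, KEY))
```

The payload stays base64url-encoded inside the JSON object because the signature covers those exact bytes; a store that decodes and re-serializes the claims as plain JSON cannot be verified against the original signature unless the encoded segments are kept as well.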