JSON Web Token (JWT)

JWT is the standard for securing REST web services.

“JSON Web Token (JWT) is a compact token format intended for space constrained environments such as HTTP Authorization headers and URI query parameters. JWTs encode claims to be transmitted as a JavaScript Object Notation (JSON) object […]”.

References below describe it as well as provide links to samples. Microsoft just released a DLL which is an extension to .NET 4.5 and works with or without WIF. There are libraries available in most languages to handle the token. Oracle uses it in its Fusion Middleware; Google in its App Engine Security Module;  Salesforce in application access; and Windows Azure Active Directory for issuing claims for all of its workloads entailing REST exchanges, such as issuing tokens for querying the Graph API; ACS namespaces can issue JWTs as well, even for Web SSO; JWT is the token format used in  OpenID Connect as well.

IETF

JSON Web Token (JWT) Samples on MSDN

NUGET Package for .NET 4.5

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: