What is the difference between JWT and JWS?

Navigation
5

I asked a little question on the site about JWT , which is used to create access tokens through JSON.

I tried to implement JWT between two applications that use different versions of a library that generates JWT tokens.

Know version 0.4 and 0.5 of this library .

I was seeing that an error was being generated between these two applications, and the private key was the same and the claims were also usually recognized. But I noticed when I used JWT.IO that a result of the header type was different.

When you put a given token (generated by version 0.4 of the library) this would appear in the HEADER section: 

{
  "alg": "HS256",
  "typ": "JWS"
}

When I used the token generated by version 0.5 of the above library, this HEADER appeared: 

{
  "typ": "JWT",
  "alg": "HS256"
}

So, I guess that's why I was not able to maintain JWT communication between the two applications, since each is implementing a typ different.

I have some doubts:

  • What is the difference between JWS and JWT?
  • What would this typ be in a JWT Token Header?
asked by anonymous 10.03.2017 / 18:13

1 answer

2

JWT uses JWS for its signature, from the specification:

JSON Web Token (JWT) is a compact, secure way for URLs to represent claims to be transferred between two parties. The requests in a JWT are encoded as a JavaScript Object Notation (JSON) object that is used as a JSON Web Signature (JWS) structure or as the clear text of a JSON Web Encryption (JWE) structure, allowing claims to be digitally signed or MACed and / or encrypted.

So, a JWT is a JWS structure with a JSON object as the payload. Some optional keys (or claims) have been defined as iss, aud, exp, etc.

This also means that your integrity protection is not only limited to shared secrets, but public / private key cryptography can also be used.

"Typ" (type) header parameter The type (header) Parameter defined by [JWS] and [JWE] is used by JWT applications to declare the [IANA.MediaTypes] media type of this JWT

    
13.03.2017 / 14:54
Javascript classes What is the difference between Preference and SharedPreference?