I am starting to learn about token-based authentication and I am trying to learn how to implement it in Laravel 5. I have come across two very popular technologies for doing
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA.
OAuth 2.0 is a protocol for authorization. OAuth 2.0 supersedes the work done on the original OAuth protocol created in 2006. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification is being developed within the IETF OAuth WG.
- The OAuth We have different types of tokens.
1) WS-Security tokens, especially SAML tokens
2) JWT tokens
3) Legacy tokens
4) Custom tokens
The most important thing to understand when comparing JWT and OAuth2 is that they are not alike. Or even incompatible.
**JWT is an authentication protocol** This means it is a strict set of instructions for the issuing and validating of signed access tokens. The tokens contain claims that are used by an app to limit access to a user.
**OAuth2 is an Authorization Framework** OAuth2 on the other hand is a framework, think very detailed guideline, for letting users and applications authorize specific permissions to other applications in both private and public settings.
A few good links:
[1]: https://community.apigee.com/questions/21139/jwt-vs-oauth.html
[2]: https://youtu.be/XGmUlyggXVo
[3]: http://www.seedbox.com/en/blog/2015/06/05/oauth-2-vs-json-web-tokens-comment-securiser-un-api/