Great..! Thanks Brian..

Thanks & regards,
-Prabath

On Wed, Dec 3, 2014 at 6:38 PM, Brian Campbell <[email protected]> wrote:

> I think it's application/jwt per
> http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-31#section-10.3.1
>
> On Wed, Dec 3, 2014 at 5:11 AM, Prabath Siriwardena <[email protected]> wrote:
>
>> Is there a Content-Type defined for JWT already...?
>>
>> application/json Content-Type won't work - since the structure of the JWT
>> is not JSON...
>>
>> Appreciate a lot any pointers..?
>>
>> Can we define content type called application/jwt or application/json+jwt
>>
>> Thanks & regards,
>> -Prabath
>>
>> On Thu, Jun 5, 2014 at 11:13 AM, Prabath Siriwardena <[email protected]> wrote:
>>
>>> I have the following SOAP use case...
>>>
>>> 1. Using WS-Trust - I authenticate to the STS - and get a SAML Bearer
>>>    Token with the required set of claims..
>>> 2. I use this as a supporting token to access a SOAP service.
>>> 3. SOAP service will validate the signature of the SAML token and if it
>>>    is valid - I will be able to access it.
>>>
>>> Now I am thinking of implementing the same in the following manner for
>>> REST APIs.
>>>
>>> 1. Using OpenID Connect talk to the token endpoint with client
>>>    credential grant type and get a signed ID token with the required set of
>>>    claims.
>>> 2. Set the JWT token in an HTTP header and talk to the secured API.
>>> 3. API should validate the signature of the JWT and if it's valid and if
>>>    it trusts the issuer - should let me in.
>>>
>>> But - I find some limitations in spec to implement my REST use case.
>>>
>>> 1. OpenID Connect specification does not talk about client credentials
>>>    grant type? At the same time it does not say it's a MUST to use
>>>    authorization code or implicit.
>>>
>>> 2. AFAIK there is no HTTP binding to pass a JWT - please let me know if
>>>    there is any?
>>>
>>> Appreciate your thoughts on this...
>>>
>>> Thanks & Regards,
>>> Prabath
>>>
>>> Twitter : @prabath
>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>>
>>> Mobile : +94 71 809 6732
>>>
>>> http://blog.facilelogin.com
>>> http://blog.api-security.org
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
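The API-side check from the quoted REST use case (validate the JWT signature, then trust the issuer), applied to a request body sent as application/jwt, as an added example that is not from any participant in this thread. The issuer URL, the key and the function names are assumptions, and HS256 is swapped in for the asymmetric signature an ID token would normally carry so that the code runs on the Python standard library alone.

```python
import base64, hashlib, hmac, json

TRUSTED_ISSUERS = {"https://sts.example.com"}  # assumption: issuers this API trusts
SHARED_KEY = b"constructed-demo-key"           # assumption: HS256 key shared with the issuer

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_jwt(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 token so the example runs offline."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def accept_jwt_body(content_type: str, body: str, key: bytes = SHARED_KEY) -> dict:
    """Return the claims of a valid JWT request body; raise ValueError otherwise."""
    # The body is a compact serialization, not a JSON document, so the
    # media type is application/jwt rather than application/json.
    if content_type.split(";")[0].strip().lower() != "application/jwt":
        raise ValueError("unsupported media type")
    parts = body.strip().split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    try:
        header = json.loads(b64url_decode(parts[0]))
        supplied = b64url_decode(parts[2])
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the server side; the token must not choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, supplied):
        raise ValueError("bad signature")
    # Only parse and act on claims after the signature has been verified.
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict) or claims.get("iss") not in TRUSTED_ISSUERS:
        raise ValueError("untrusted issuer")
    return claims
```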
