Security is one of those things you shouldn’t play around with yourself, unless you know what you’re doing. This is the reason products such as Identity Server has gained such momentum and popularity. However, Identity Server is extremely difficult to configure correctly, and OIDC is also arguably a "hack" on top of OAuth2. JWT on the other hand, is dead simple to understand, and was created explicitly to authenticate and authorise users, contrary to OAuth that was originally created for an entirely different purpose. Hence, JWT is just as secure as OpenID Connect, only a gazillion times easier to understand and implement.

In the following video I demonstrate how to create your own JWT server using Magic in 1 second. Notice, Magic is a commercial product, and you need to pay a small fee to use it in a production environment – But compared to the number of hours you’d have to spend rolling your own Enterprise Single Sign On solution using JWT, I’m confident in that the license costs are small in comparison.

Source de l’article sur DZONE

L’assistance proposée par ANKAA PMO

ANKAA PMO présent depuis plus de 20 ans sur le marché des services IT, accompagne les DSI dans leur recherche de compétences pour des besoins de renforts en mode régie ou l’externalisation de projets.
Vous souhaitez plus d’information ? Cliquez ici