Yeah, those details aren't clear - sort of what happens when you describe using a solution rather than the spec, I think. The JWT is signed and/or encrypted - that is basically how it is verified.
On Mon, May 19, 2014 at 8:38 AM, Kevin Minder <kevin.min...@hortonworks.com> wrote:

> Good article.
>
> However in step "6. Authenticate the user", I fail to see how the
> authenticity of the JWT is verified. Is that just omitted to simplify the
> example?
>
> Also in step "5. Obtain user information from the ID token", I assume that
> this code extracts the Bearer JWT from the OAuth response?
>
>     String idToken = oAuthResponse.getParam("id_token");
>
> Is the content of idToken the same exact value that would be presented in
> the Authorization header of the subsequent request?
>
>
> On 5/17/14 3:43 PM, larry mccay wrote:
>
>> Here is a good article on using Oltu in JAX-RS to authenticate a google
>> user and acquire user profile information:
>>
>> http://carminedimascio.com/2014/02/google-oauth2-and-jax-rs/
>>
>> Note the use of JWT as well.
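
The signature check that the question about step 6 is asking for, as an added example that is not part of this thread or of the linked article. It assumes the ID token is an RS256-signed JWT and that the issuer's public key is already known; the class and method names are hypothetical, and the key pair and token are constructed locally so the code runs offline.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Added example: verify an RS256-signed JWT using only the JDK (names are hypothetical).
public class JwtVerifyDemo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    // True only for a three-part RS256 token whose signature verifies under issuerKey.
    static boolean verifyRs256(String jwt, PublicKey issuerKey) throws GeneralSecurityException {
        String[] parts = jwt.split("\\.", -1);
        if (parts.length != 3) return false;
        try {
            String header = new String(DEC.decode(parts[0]), StandardCharsets.UTF_8);
            // Pin the algorithm so "none" or an HMAC variant is rejected (string match for brevity).
            if (!header.replaceAll("\\s", "").contains("\"alg\":\"RS256\"")) return false;
            Signature sig = Signature.getInstance("SHA256withRSA");
            sig.initVerify(issuerKey);
            sig.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
            return sig.verify(DEC.decode(parts[2]));
        } catch (IllegalArgumentException | SignatureException e) {
            return false; // malformed base64url or malformed signature bytes
        }
    }

    // Builds a constructed sample token; in the real flow the identity provider does this.
    static String sign(String header, String claims, PrivateKey key) throws GeneralSecurityException {
        String input = ENC.encodeToString(header.getBytes(StandardCharsets.UTF_8)) + "."
                + ENC.encodeToString(claims.getBytes(StandardCharsets.UTF_8));
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(key);
        sig.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + ENC.encodeToString(sig.sign());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair issuer = gen.generateKeyPair(); // stand-in for the provider's signing key
        String token = sign("{\"alg\":\"RS256\",\"typ\":\"JWT\"}",
                "{\"iss\":\"https://issuer.example\",\"sub\":\"user-123\"}", issuer.getPrivate());
        String[] p = token.split("\\.");
        String altered = p[0] + "." + ENC.encodeToString(
                "{\"iss\":\"https://issuer.example\",\"sub\":\"admin\"}".getBytes(StandardCharsets.UTF_8))
                + "." + p[2]; // same header and signature, different claims
        System.out.println("genuine token verifies: " + verifyRs256(token, issuer.getPublic()));
        System.out.println("altered claims verify:  " + verifyRs256(altered, issuer.getPublic()));
    }
}
```

A valid signature only establishes who issued the token; the `iss`, `aud` and `exp` claims still have to be checked before the user is treated as authenticated.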