<\/p>\n\n\n\n
Definition<\/strong><\/p>\n\n\n\n Structure<\/strong><\/p>\n\n\n\n Definition<\/strong><\/p>\n\n\n\n Key OIDC Tokens<\/strong><\/p>\n\n\n\n \u2705 In short<\/strong>:<\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" 1. \ud83d\udd0e What is JWT? Definition Structure 2. \ud83d\udd0e What is OIDC? Definition Key OIDC Tokens 3. \u2753 Why do we need them? JWT OIDC 4. \u2699\ufe0f How each works… <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-52596","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/52596","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=52596"}],"version-history":[{"count":1,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/52596\/revisions"}],"predecessor-version":[{"id":52597,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/52596\/revisions\/52597"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=52596"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=52596"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=52596"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
header.payload.signature<\/code> (Base64URL encoded).<\/li>\n<\/ul>\n\n\n\n\n
{\"alg\":\"RS256\",\"typ\":\"JWT\"}<\/code>).<\/li>\n\n\n\nsub<\/code>, exp<\/code>, aud<\/code>).<\/li>\n\n\n\n
\n\n\n\n2. \ud83d\udd0e What is OIDC?<\/h2>\n\n\n\n
\n
\n
\n\n\n\n3. \u2753 Why do we need them?<\/h2>\n\n\n\n
JWT<\/h3>\n\n\n\n
\n
OIDC<\/h3>\n\n\n\n
\n
\n\n\n\n4. \u2699\ufe0f How each works<\/h2>\n\n\n\n
A. JWT Lifecycle<\/h3>\n\n\n\n
\n
Authorization: Bearer <token><\/code>.<\/li>\n\n\n\n\n
exp<\/code>, iss<\/code>, aud<\/code>).<\/li>\n<\/ul>\n<\/li>\n\n\n\nB. OIDC Flow (Authorization Code Grant \u2013 most common)<\/h3>\n\n\n\n
\n
\n
\n\n\n\n5. \ud83d\udd28 Use Cases<\/h2>\n\n\n\n
JWT<\/h3>\n\n\n\n
\n
OIDC<\/h3>\n\n\n\n
\n
\n\n\n\n6. \ud83e\udde0 Advanced Concepts<\/h2>\n\n\n\n
\n
\n
\n
\n
\n
\n
sub<\/code>, email<\/code>, profile<\/code>).<\/li>\n\n\n\n\n
\n\n\n\n7. \ud83d\udeab Limitations & Risks<\/h2>\n\n\n\n
\n
\n
\n
\n\n\n\n8. \u2601\ufe0f Cloud Provider Support<\/h2>\n\n\n\n
\ud83d\udd37 AWS<\/h3>\n\n\n\n
\n
\n
\n
authenticate-oidc<\/code> action with Cognito or external OIDC IdP.<\/li>\n\n\n\n\ud83d\udd37 Google Cloud<\/h3>\n\n\n\n
\n
\n
\n
\ud83d\udd37 Azure<\/h3>\n\n\n\n
\n
\n
\n
\n\n\n\n9. \ud83c\udfaf Practical Patterns<\/h2>\n\n\n\n
\n
\n
\n
\n
\n\n\n\n10. \ud83d\udccc Quick Comparison Table<\/h2>\n\n\n\n
Feature<\/th> JWT<\/th> OIDC<\/th><\/tr><\/thead> Type<\/strong><\/td> Token format<\/td> Authentication protocol<\/td><\/tr> Who issues<\/strong><\/td> Any IdP or app<\/td> OIDC-compliant IdP<\/td><\/tr> Who uses<\/strong><\/td> Apps, APIs, services<\/td> Apps authenticating human users<\/td><\/tr> Scope<\/strong><\/td> Authorization, service identity<\/td> Authentication + identity + SSO<\/td><\/tr> Token<\/strong><\/td> Access token (JWT)<\/td> ID token (JWT) + access token<\/td><\/tr> Cloud use<\/strong><\/td> API Gateway, STS, workload ID<\/td> Cognito, Firebase, Azure AD, Keycloak<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n\n
\n\n\n\n