I want to implement the authentication of the requests to my REST API that will be consumed from a mobile application. I still have not decided on JWT or Oauth 2.0, which they recommend me.
I want to implement the authentication of the requests to my REST API that will be consumed from a mobile application. I still have not decided on JWT or Oauth 2.0, which they recommend me.
In my case I use Oauth 2.0 if I want the client to be authenticated by a third party (intermediary) like Facebook, Paypal, Google + ... If you only want to be identified by registering on your website, I see less complex to implement JWT .
The difference is that Oauth usually requests credentials from an identification server (usually a third party) and requires more steps to obtain the token than with JWT, the tokens can also have a different body with different information and encryption, in this aspect JWT I think it is more customizable.