Why does a JWT token need to be there on top of the credentials?


I have gone through the video "JWT Token Explanation" from 4M4D.

The APIGEE gateway passes the credentials to the Resource Server to get a token, and that JWT token will be sent back to the client by APIGEE. So why is a token required when APIGEE already has the credentials of that particular client application, and why can't validation happen then and there with those credentials?


What you might have missed from the video is that there are actually two API calls made. The first call is to get the token. Also, just to clarify, Apigee Edge is not passing credentials to "get the token". Apigee Edge itself is generating the JWT, but only after verifying the "user" credentials by calling a resource server. The grant type example in the video is resource owner — aka password grant type.

Once Edge has generated the JWT (token) and the client application has received it, the application would likely need some data. For that to happen the client application needs to call a business API. That business API is protected by Edge and Edge requires a JWT (token) to be passed.

Does all the above make sense?
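The two-call flow described in the reply, written out as an added example (this is not code from the thread, the video, or Apigee; it is a stand-in for the gateway in plain Python). Call 1 is the password grant: the gateway stub checks the user's credentials against a stubbed resource server and only then mints and signs its own HS256 JWT. Call 2 is the business API: the client presents only the bearer token, and the gateway validates the signature, algorithm and expiry without ever seeing or re-checking the password. The signing key, the user list, the claim names and the `orders` payload are all constructed for the example.

```python
"""Added example: the two gateway calls from the reply, simulated offline.
Call 1 exchanges user credentials for a gateway-signed JWT; call 2 hits a
business API that accepts only that JWT. No real Apigee APIs are used."""
import base64
import hashlib
import hmac
import json
import time

# Constructed sample data (assumption: not a real Apigee configuration).
GATEWAY_SECRET = b"constructed-hs256-signing-key"       # known only to the gateway
RESOURCE_SERVER_USERS = {"alice": "correct-horse-battery"}  # stub resource server
TOKEN_TTL_SECONDS = 300


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def resource_server_verify(username: str, password: str) -> bool:
    """Stub for the resource server the gateway calls to check user credentials."""
    expected = RESOURCE_SERVER_USERS.get(username)
    return expected is not None and hmac.compare_digest(expected, password)


def token_endpoint(username: str, password: str, now=None):
    """Call 1 (password grant): the gateway verifies the credentials via the
    resource server, then generates and signs the JWT itself. Returns None on
    bad credentials, otherwise the compact JWT string."""
    if not resource_server_verify(username, password):
        return None
    now = int(now if now is not None else time.time())
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": username, "iat": now, "exp": now + TOKEN_TTL_SECONDS,
               "scope": "orders:read"}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(GATEWAY_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(token: str, now=None):
    """Gateway-side token check: structure, expected algorithm, signature, expiry.
    Returns the claims on success, None on any failure."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
    except (ValueError, UnicodeDecodeError):
        return None
    if header.get("alg") != "HS256":      # refuse any algorithm we did not issue
        return None
    expected = hmac.new(GATEWAY_SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None
    payload = json.loads(_b64url_decode(p))
    now = int(now if now is not None else time.time())
    if payload.get("exp", 0) <= now:
        return None
    return payload


def business_api(authorization_header: str, now=None):
    """Call 2: the protected business API. Only the JWT is presented; the password
    is neither sent nor re-verified. Returns (status, body)."""
    if not authorization_header.startswith("Bearer "):
        return 401, {"error": "missing bearer token"}
    claims = verify_jwt(authorization_header[len("Bearer "):], now=now)
    if claims is None:
        return 401, {"error": "invalid or expired token"}
    return 200, {"orders_for": claims["sub"], "orders": [{"id": 1, "total": 42.0}]}


if __name__ == "__main__":
    token = token_endpoint("alice", "correct-horse-battery")
    print("call 1 -> token:", token)
    print("call 2 ->", business_api("Bearer " + token))
    print("no token ->", business_api(""))
```

The separation is the point of the reply: credentials cross the wire once, on call 1, and the gateway's check on call 2 is a signature-and-expiry check on something it issued itself, so a short-lived token can be replaced or revoked without touching the user's password.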