0

As the documentation says:

JOSE 1 is a framework intended to provide a method to securely transfer claims (such as authorization information) between parties. Doc

Is JOSE is only used for Authentication and Authorization activities or can it be used while "Data in transit" to secure sensitive data (along with SSL and TLS)? As this Hyperwallet example below describes payload encryption: API DOC

Can I use JOSE for Signed and Encrypted API Request and Response beside Authentication for Server to Server Communication Scenario to secure sensitive data?

mnhmilu
  • 2,327
  • 1
  • 30
  • 50
  • it's basically a collection of technical specifications of the token formats and algorithms used to sign and encrypt. What would stop you to use it for your purposes? If I understand it correctly, you link to an example in which JOSE is used for a non authentication/authorization use case. So the answer is: yes, you can. – jps Nov 19 '20 at 13:24
  • Yes. You are correct. Can you give some examples for Spring boot REST API implementation? It will be very helpful. – mnhmilu Nov 19 '20 at 13:30
  • https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid You can check this if you wish. – mnhmilu Nov 19 '20 at 13:32

0 Answers0