I'm new to JWT. I read RFC 7519 and a lot of websites about the issue of JWE and JWS, but I'm a little bit confused about this topic.
JWE is encoded and JWS is encoded and signed. The RFC describes:
"If the JOSE Header is for a JWS, the JWT is represented as a JWS and the claims are digitally signed or MACed, with the JWT Claim Set being the JWS Payload.
If the JOSE Header is for JWE, the JWT is represented as a JWE and the claims are encrypted, with the JWT Claim Set being the plaintext encrypted by the JWE"
How does this work in the JWT.io framework? Do I need to implement this myself, or do I need an additional library?
Best regards, Michael
> JWE is encoded and JWS is encoded and signed.
Not exactly. JWE means the JWT is digitally encrypted and JWS means digitally signed.
jwt.io does not support JWE and partially supports JWS (only compact serialization representation with HS256 or RS256 algorithms). There is a list of libraries for several use cases; however, libraries that support JWE are not listed.
At Spomky-Labs, we developed a PHP library that supports JWE and JWS with all algorithms listed in RFC 7518.
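To make the JWS/JWE distinction from the RFC quote concrete, here is an added example (not part of the answer above and not code from jwt.io or the Spomky-Labs library). It tells a compact JWS from a compact JWE by the JOSE header and segment count, verifies an HS256 JWS with a pinned algorithm, and shows that JWS claims are readable without any key. The function names, key and claims are constructed for illustration, and the JWE-shaped token carries placeholder bytes rather than real ciphertext.

```python
import base64, hashlib, hmac, json

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def classify(token: str) -> str:
    """Return 'JWS' or 'JWE' for a compact-serialized JWT (RFC 7516, section 9)."""
    parts = token.split(".")
    header = json.loads(b64url_decode(parts[0]))
    if len(parts) == 5 and "enc" in header:      # header.key.iv.ciphertext.tag
        return "JWE"
    if len(parts) == 3 and "enc" not in header:  # header.payload.signature
        return "JWS"
    raise ValueError("not a well-formed compact JWS or JWE")

def sign_hs256(claims: dict, key: bytes) -> str:
    parts = ({"alg": "HS256", "typ": "JWT"}, claims)
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def verify_hs256(token: str, key: bytes) -> dict:
    """Verify a compact HS256 JWS and return its claims; raise on any mismatch."""
    if classify(token) != "JWS":
        raise ValueError("expected a JWS")
    header_b64, payload_b64, sig_b64 = token.split(".")
    # Pin the algorithm: the token's own header must not choose it (rejects "none").
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signing_input = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))

def peek_claims(token: str) -> dict:
    """Read JWS claims without a key: signing protects integrity, not secrecy."""
    return json.loads(b64url_decode(token.split(".")[1]))

# Constructed sample values (not from the page).
KEY = b"constructed-demo-key-not-a-real-secret"
JWS = sign_hs256({"sub": "michael", "admin": False}, KEY)
# JWE-shaped token: real header, empty encrypted-key segment ("dir"), placeholders after.
JWE_SHAPED = ".".join([b64url_encode(b'{"alg":"dir","enc":"A256GCM"}'), ""] +
                      [b64url_encode(p) for p in (b"iv", b"ciphertext", b"tag")])
```

Decrypting a real JWE needs the content-encryption algorithms from RFC 7518, which is where a library that supports JWE comes in.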