I need to implement JWT. I think the flow should be like this:
-- When the user logs in successfully ==> the CA proxy will generate an ID token, encode/encrypt (?) it, and send it back to the user as a header response.
Below are a few queries:
1. I am using Gateway version 9.4. The Policy Manager has an assertion 'Generate ID token' with the description 'Generate an ID token with JSON message'. I also see 'Generate and Validate an ID token' in CA API Management OAuth Toolkit - 4.2. Which one should be used, and what is the difference?
2. If, while processing the first request, the ID token is created, encoded and sent back to the user, then what is the flow for decoding the token?
3. When/why to use JSON Web Key?
Thanks a lot.