Hello there!
It would be great if the docs covered not only the technical details but also some examples.
If I understood correctly, I must declare that my app is JWT-aware in its application descriptor. Then, when an admin installs my application, my server shall receive a security context object, which must be processed and exchanged for a JWT.
Later, for OAuth 2.0 Bearer authentication, I must use this JWT and my client secret in order to get an access token, which lives for 15 minutes. Such access tokens are for requests in the name of a user.
Is that alright? But I still don't see any use cases for this. Why should I use OAuth 2.0 over JWT? To make requests in the name of which user?
Finally, what's the deal with OAuth 1.0? I simply have no idea if I should be using it instead of JWT.