JWT requires a JWT token and a scope, this token doesn’t support the first two and doesn’t even support optional scopes. Even though this token supports optional scopes, it doesn’t work with the standard scopes and doesn’t support required scopes.
The thing is, many scopes in use by web services require you to use your own scopes (not JWT tokens) while some other scopes are only supported by JWT tokens. For example, the Google Search Scope has a requirement that your own Google Search Script needs to have your own scope named “G-Search” that needs to have the “scopes.google.com” scope required.
The problem is that many scopes are tied to some sort of Google account and are tied to Google Search. So if you use JWT tokens to sign your requests, that means that you can only sign requests that are tied to Google Search. That means that if you have a Google Search scope in your JWT, you cant use it with any other scopes. So I would highly recommend using the Google Search scope with JWT tokens.
The reason why I recommend this is because I personally have never used JWT tokens with Google and I don’t think Google should be letting you do that. That’s not just my opinion, it’s also backed up by the fact that I’ve seen Google’s implementation of JWT tokens fail so many times, that I’m not sure what they’re thinking at this point.
In fact, even Google themselves don’t know what the official implementation of JWT tokens is. It’s a complicated topic, so they probably don’t know either. JWT tokens are a new standard that Google decided to implement and then failed to actually use. If they did implement it, it would just be a bunch of code that no one uses and therefore it wouldn’t be a valid scoped token.
JWT tokens are basically a Json Web Token. A JWT token is just a string that Google uses to sign and encrypt data. Google had to resort to the use of JWT tokens because of a few reasons that you probably have heard about already. The biggest reason Google had to resort to JWT tokens is because Java can’t handle the amount of data that JWT tokens require.
JWT tokens have been around for years now, but no one had come up with an efficient way to handle the amount of data that those tokens require. In short, if you wanted to have the speed of one JWT token, you would need to send the data over a secure channel, which is still not possible with most web-enabled browsers.
This is the first time Google has ever used a token that didn’t support required scopes, so in this sense, it isn’t an improvement. If I wanted to send a large file over an insecure channel, I would write it to a local file and send it over an insecure channel. I would have to make a web server/client that I can trust to send that file, and that is not something that our web server can do.
The fact that scopes are required is not the only thing that is wrong here. A client that doesnt support required scopes is also not good because it will be more difficult to connect to the server. Google wants web servers to be able to connect to any URL and send the data over, but many servers will be unable to do this. They would need to ask the server to add the missing scopes or, in the worst case, not send at all.
The good news is that you can use scopes to send files, but when you send a file to Google, they will send back a JSON file, so you can easily write your own file upload form and the Google server will be able to parse your file and provide you with the right scopes. It’s the same as a PDF form, but with file uploads.
