Explain OAuth 2.0 vs JWT in the context of service-to-service authentication.


Multiple Choice

Explain OAuth 2.0 vs JWT in the context of service-to-service authentication.

Explanation:
In service-to-service authentication, OAuth 2.0 provides the mechanism to obtain permission tokens that authorize calls between services, while JWT is a compact token format that often carries those permissions as signed claims. In practice, a service uses an OAuth 2.0 flow (commonly the Client Credentials flow) to prove its identity to an authorization server and receive an access token. That access token can be a JWT, which contains claims about who the client is, what it’s allowed to do (scopes), who it’s intended for (audience), and when it expires. The resource service can then validate the JWT’s signature and claims to grant access without needing to check with the authorization server on every request. This separation—OAuth 2.0 for obtaining tokens and JWT as the token format used to carry and verify permissions—keeps the authentication and authorization flow clear and scalable. Other descriptions either misstate the roles (OAuth 2.0 is not a data format and JWT is not a network protocol) or imply a replacement relationship rather than a combination, and JWT is not solely about user authorization in this context.
