

Categories: Security

JWT - JSON Web Token

  • The claim names within a JWT must be unique.
  • JWTs with duplicate claim names must be rejected.

Reserved Claim Names

  • "iss" (Issuer) claim: case-sensitive string containing a name or URI value.
  • "sub" (Subject) claim: string naming the principal that is the subject of the JWT.
  • "aud" (Audience) claim: an array of case-sensitive strings, each containing a StringOrURI value.
  • "exp" (Expiration Time) claim: value must be an epoch timestamp. Use of this claim is OPTIONAL.
  • "nbf" (Not Before) claim: for issuing tickets that only become valid in the future. Value is an epoch timestamp.
  • "iat" (Issued At) claim: the time at which the JWT was issued.
  • "jti" (JWT ID) claim: a unique identifier for the JWT. Can be used to prevent the JWT from being replayed. Case-sensitive string.
  • "typ" (Type) claim: to declare a type for the contents of this JWT claims set.
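
Added example (not from the original page): a Python check of a JWT payload against the rules above. It rejects duplicate claim names, which `json.loads` would otherwise accept by silently keeping the last value, and enforces the claim types and the "exp"/"nbf" window. The names `check_claims` and `InvalidClaims`, the `audience` parameter, and the choice to reject tokens lacking a matching "aud" are assumptions of this example; signature verification must already have succeeded.

```python
import base64
import json
import time


class InvalidClaims(Exception):
    """A JWT Claims Set broke one of the rules listed above."""


def _no_duplicates(pairs):
    # json.loads silently keeps the last duplicate name; this hook sees every pair.
    claims = {}
    for name, value in pairs:
        if name in claims:
            raise InvalidClaims(f"duplicate claim name {name!r}")
        claims[name] = value
    return claims


def _is_epoch(value):
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def check_claims(token, audience, now=None):
    """Decode the payload segment and validate it. Verify the signature first."""
    now = time.time() if now is None else now
    try:
        payload = token.split(".")[1]
        raw = base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4))
        claims = json.loads(raw, object_pairs_hook=_no_duplicates)
    except (ValueError, IndexError) as exc:
        raise InvalidClaims(f"malformed token: {exc}") from exc
    if not isinstance(claims, dict):
        raise InvalidClaims("claims set is not a JSON object")
    for name in ("iss", "sub", "jti"):
        if name in claims and not isinstance(claims[name], str):
            raise InvalidClaims(f"{name} must be a string")
    for name in ("exp", "nbf", "iat"):
        if name in claims and not _is_epoch(claims[name]):
            raise InvalidClaims(f"{name} must be an epoch value")
    aud = claims.get("aud", [])
    if not isinstance(aud, list) or not all(isinstance(a, str) for a in aud):
        raise InvalidClaims("aud must be an array of strings")
    if audience not in aud:  # case-sensitive comparison
        raise InvalidClaims("token not issued for this audience")
    if "exp" in claims and now >= claims["exp"]:
        raise InvalidClaims("token expired")
    if "nbf" in claims and now < claims["nbf"]:
        raise InvalidClaims("token not valid yet")
    return claims
```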

More: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html