This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] is an [Internet Draft] for [RFC Sub-series] [Best Current Practice] ([BCP]).
[Complete Text|https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-03|target='_blank']
!! Introduction
[JSON Web Tokens], also known as [JWTs] [RFC 7519], are [URL]-safe [JSON]-based security [tokens] that contain a set of [claims] that can be [signed|JWS] and/or [encrypted|JWE]. The [JWT] specification has seen rapid adoption because it encapsulates security-relevant information in one easy-to-protect location, and because it is easy to implement using widely available tools. One application area in which [JWTs] are commonly used is representing [Digital Identity] information, such as [OpenID Connect] [id_tokens] [OpenID.Core] and [OAuth 2.0] [RFC 6749] [access_tokens] and refresh tokens, the details of which are deployment-specific.
The goal of [{$pagename}] is to facilitate secure [implementation] and deployment of [JWTs]. Many of the recommendations in this document will actually be about implementation and use of the [cryptographic] mechanisms underlying JWTs that are defined by [JSON Web Signature] ([JWS]) [RFC 7515], [JSON Web Encryption] ([JWE]) [RFC 7516], and [JSON Web Algorithms] ([JWA]) [RFC 7518]. Others will be about use of the [JWT] [claims] themselves.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]