!!! Overview
[{$pagename}] is an [Internet Draft] for [RFC Sub-series] [Best Current Practice] ([BCP]).

[Complete Text|https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-03|target='_blank']

!! Introduction
[JSON Web Tokens], also known as [JWTs] [RFC 7519], are [URL]-safe [JSON]-based security [tokens] that contain a set of [claims] that can be [signed|JWS] and/or [encrypted|JWE].  The [JWT] specification has seen rapid adoption because it encapsulates security-relevant information in one easy-to-protect location, and because it is easy to implement using widely available tools.  One application area in which [JWTs] are commonly used is representing [Digital Identity] information, such as [OpenID Connect] [id_tokens] [OpenID.Core] and [OAuth 2.0] [RFC 6749] [access_tokens] and refresh tokens, the details of which are deployment-specific.

The goal of [{$pagename}] is to facilitate secure [implementation] and deployment of [JWTs].  Many of the recommendations in this document will actually be about implementation and use of the [cryptographic] mechanisms underlying JWTs that are defined by [JSON Web Signature] ([JWS]) [RFC 7515], [JSON Web Encryption] ([JWE]) [RFC 7516], and [JSON Web Algorithms] ([JWA]) [RFC 7518].  Others will be about use of the [JWT] [claims] themselves.


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]