JSON Web Token
RFC 7519, “JSON Web Token”, is a Proposed Standard document published in May 2015 by M. Jones, J. Bradley, and N. Sakimura. It has since been updated by RFC 7797 and RFC 8725. The canonical text is published by the RFC Editor.
Abstract
JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 7519 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 7518 JSON Web Algorithms
- RFC 7520 Examples of Protecting Content Using JSON Object Signing and Encryption
- RFC 7517 JSON Web Key
- RFC 7521 Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
- RFC 7516 JSON Web Encryption
- RFC 7522 Security Assertion Markup Language 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
- RFC 7515 JSON Web Signature
- RFC 7523 JSON Web Token Profile for OAuth 2.0 Client Authentication and Authorization Grants