JSON Web Token Best Current Practices
RFC 8725, “JSON Web Token Best Current Practices”, is a Best Current Practice document published in February 2020 by Y. Sheffer, D. Hardt, and M. Jones. It updates RFC 7519. The canonical text is published by the RFC Editor.
Abstract
JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security tokens that contain a set of claims that can be signed and/or encrypted. JWTs are being widely used and deployed as a simple security token format in numerous protocols and applications, both in the area of digital identity and in other application areas. This Best Current Practices document updates RFC 7519 to provide actionable guidance leading to secure implementation and deployment of JWTs.
What “Best Current Practice” means
A Best Current Practice document records the IETF community's recommended operational or procedural practice rather than specifying a protocol.
The canonical text of RFC 8725 is hosted at rfc-editor.org. Available in HTML, TXT, PDF, and XML.
- RFC 8724 SCHC: Generic Framework for Static Context Header Compression and Fragmentation
- RFC 8726 How Requests for IANA Action Will Be Handled on the Independent Stream
- RFC 8723 Double Encryption Procedures for the Secure Real-Time Transport Protocol
- RFC 8727 JSON Binding of the Incident Object Description Exchange Format
- RFC 8722 Defining the Role and Function of IETF Protocol Parameter Registry Operators
- RFC 8728 RFC Editor Model
- RFC 8721 Advice to the Trustees of the IETF Trust on Rights to Be Granted in IETF Documents
- RFC 8729 The RFC Series and RFC Editor