JSON-based standard for passing claims between parties in web application environments
JSON Web Token
Abbreviation: JWT
Status: Proposed Standard
First published: December 28, 2010 (2010-12-28)
Latest version: RFC 7519 (May 2015)
Organization: IETF
Committee: IEGS
Authors: Michael B. Jones (Microsoft), John Bradley (Ping Identity), Nat Sakimura (NRI)
Base standards: JSON, JSON Web Encryption (JWE), JSON Web Signature (JWS)
Domain: Data exchange
Website: datatracker.ietf.org/doc/html/rfc7519
JSON Web Token (JWT, suggested pronunciation /dʒɒt/, same as the word "jot"[1]) is a proposed Internet standard for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims. The tokens are signed using either a private secret or a public/private key pair.
For example, a server could generate a token that has the claim "logged in as administrator" and provide that to a client. The client could then use that token to prove that it is logged in as admin. The tokens can be signed by one party's private key (usually the server's) so that any party can subsequently verify whether the token is legitimate. If the other party, by some suitable and trustworthy means, is in possession of the corresponding public key, they too are able to verify the token's legitimacy. The tokens are designed to be compact,[2] URL-safe,[3] and usable, especially in a web-browser single-sign-on (SSO) context. JWT claims can typically be used to pass the identity of authenticated users between an identity provider and a service provider, or any other type of claims as required by business processes.[4][5]
JWT relies on other JSON-based standards: JSON Web Signature and JSON Web Encryption.[1][6][7]
[1] Jones, Michael B.; Bradley, John; Sakimura, Nat (May 2015). JSON Web Token (JWT). IETF. doi:10.17487/RFC7519. ISSN 2070-1721. RFC 7519.
[2] Nickel, Jochen (2016). Mastering Identity and Access Management with Microsoft Azure. Packt Publishing. p. 84. ISBN 9781785887888. Retrieved July 20, 2018.
[3] Cite error: The named reference jwtintro was invoked but never defined.
[4] Sevilleja, Chris. "The Anatomy of a JSON Web Token". Retrieved May 8, 2015.
[5] "Atlassian Connect Documentation". developer.atlassian.com. Archived from the original on May 18, 2015. Retrieved May 8, 2015.
[6] Jones, Michael B.; Bradley, John; Sakimura, Nat (May 2015). "draft-ietf-jose-json-web-signature-41 - JSON Web Signature (JWS)". tools.ietf.org. Retrieved May 8, 2015.
[7] Jones, Michael B.; Hildebrand, Joe (May 2015). "draft-ietf-jose-json-web-encryption-40 - JSON Web Encryption (JWE)". tools.ietf.org. Retrieved May 8, 2015.