JSON Web Token (JWT)

Created
2015-01-23
Last Updated
2017-06-12
Available Formats

XML

HTML

Plain text

Registries included below

JSON Web Token Claims

Registration Procedure(s)
Specification Required
Expert(s)
John Bradley, Brian Campbell, Michael B. Jones, Chuck Mortimore
Reference
[RFC7519]
Available Formats

CSV
Claim Name Claim Description Change Controller Reference
iss Issuer [IESG] [ RFC7519, Section 4.1.1]
sub Subject [IESG] [ RFC7519, Section 4.1.2]
aud Audience [IESG] [ RFC7519, Section 4.1.3]
exp Expiration Time [IESG] [ RFC7519, Section 4.1.4]
nbf Not Before [IESG] [ RFC7519, Section 4.1.5]
iat Issued At [IESG] [ RFC7519, Section 4.1.6]
jti JWT ID [IESG] [ RFC7519, Section 4.1.7]
name Full name [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
given_name Given name(s) or first name(s) [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
family_name Surname(s) or last name(s) [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
middle_name Middle name(s) [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
nickname Casual name [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
preferred_username Shorthand name by which the End-User wishes to be referred to [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
profile Profile page URL [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
picture Profile picture URL [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
website Web page or blog URL [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
email Preferred e-mail address [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
email_verified True if the e-mail address has been verified; otherwise false [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
gender Gender [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
birthdate Birthday [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
zoneinfo Time zone [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
locale Locale [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
phone_number Preferred telephone number [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
phone_number_verified True if the phone number has been verified; otherwise false [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
address Preferred postal address [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
updated_at Time the information was last updated [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 5.1]
azp Authorized party - the party to which the ID Token was issued [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 2]
nonce Value used to associate a Client session with an ID Token [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 2]
auth_time Time when the authentication occurred [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 2]
at_hash Access Token hash value [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 2]
c_hash Code hash value [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 3.3.2.11]
acr Authentication Context Class Reference [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 2]
amr Authentication Methods References [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 2]
sub_jwk Public key used to check the signature of an ID Token [OpenID_Foundation_Artifact_Binding_Working_Group] [ OpenID Connect Core 1.0, Section 7.4]
cnf Confirmation [IESG] [RFC7800, Section 3.1]
sip_from_tag SIP From tag header field parameter value [IESG] [RFC8055][RFC3261]
sip_date SIP Date header field value [IESG] [RFC8055][RFC3261]
sip_callid SIP Call-Id header field value [IESG] [RFC8055][RFC3261]
sip_cseq_num SIP CSeq numeric header field parameter value [IESG] [RFC8055][RFC3261]
sip_via_branch SIP Via branch header field parameter value [IESG] [RFC8055][RFC3261]
orig Originating Identity String [IESG] [RFC-ietf-stir-passport-11, Section 5.2.1]
dest Destination Identity String [IESG] [RFC-ietf-stir-passport-11, Section 5.2.1]
mky Media Key Fingerprint String [IESG] [RFC-ietf-stir-passport-11, Section 5.2.2]

JWT Confirmation Methods

Registration Procedure(s)
Specification Required
Expert(s)
John Bradley, Hannes Tschofenig
Reference
[RFC7800]
Available Formats

CSV
Confirmation Method Value Confirmation Method Description Change Controller Reference
jwk JSON Web Key Representing Public Key [IESG] [ RFC7800, Section 3.2]
jwe Encrypted JSON Web Key [IESG] [ RFC7800, Section 3.3]
kid Key Identifier [IESG] [ RFC7800, Section 3.4]
jku JWK Set URL [IESG] [ RFC7800, Section 3.5]

People

ID Name Contact URI Last Updated
[IESG] IESG mailto:iesg&ietf.org
[OpenID_Foundation_Artifact_Binding_Working_Group] OpenID Foundation Artifact Binding Working Group mailto:openid-specs-ab&lists.openid.net 2015-04-20