JSON Web Token (JWT)

Created
2015-01-23
Last Updated
2021-11-26
Available Formats

XML

HTML

Plain text

Registries included below

JSON Web Token Claims

Registration Procedure(s)
Specification Required
Expert(s)
John Bradley, Brian Campbell, Michael B. Jones, Chuck Mortimore
Reference
[RFC7519]
Note
Registration requests should be sent to the mailing list 
described in [RFC7519].
    
Available Formats

CSV
Claim Name Claim Description Change Controller Reference
iss Issuer [IESG] [RFC7519, Section 4.1.1]
sub Subject [IESG] [RFC7519, Section 4.1.2]
aud Audience [IESG] [RFC7519, Section 4.1.3]
exp Expiration Time [IESG] [RFC7519, Section 4.1.4]
nbf Not Before [IESG] [RFC7519, Section 4.1.5]
iat Issued At [IESG] [RFC7519, Section 4.1.6]
jti JWT ID [IESG] [RFC7519, Section 4.1.7]
name Full name [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
given_name Given name(s) or first name(s) [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
family_name Surname(s) or last name(s) [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
middle_name Middle name(s) [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
nickname Casual name [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
preferred_username Shorthand name by which the End-User wishes to be referred to [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
profile Profile page URL [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
picture Profile picture URL [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
website Web page or blog URL [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
email Preferred e-mail address [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
email_verified True if the e-mail address has been verified; otherwise false [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
gender Gender [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
birthdate Birthday [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
zoneinfo Time zone [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
locale Locale [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
phone_number Preferred telephone number [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
phone_number_verified True if the phone number has been verified; otherwise false [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
address Preferred postal address [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
updated_at Time the information was last updated [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
azp Authorized party - the party to which the ID Token was issued [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 2]
nonce Value used to associate a Client session with an ID Token [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 2]
auth_time Time when the authentication occurred [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 2]
at_hash Access Token hash value [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 2]
c_hash Code hash value [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 3.3.2.11]
acr Authentication Context Class Reference [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 2]
amr Authentication Methods References [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 2]
sub_jwk Public key used to check the signature of an ID Token [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 7.4]
cnf Confirmation [IESG] [RFC7800, Section 3.1]
sip_from_tag SIP From tag header field parameter value [IESG] [RFC8055][RFC3261]
sip_date SIP Date header field value [IESG] [RFC8055][RFC3261]
sip_callid SIP Call-Id header field value [IESG] [RFC8055][RFC3261]
sip_cseq_num SIP CSeq numeric header field parameter value [IESG] [RFC8055][RFC3261]
sip_via_branch SIP Via branch header field parameter value [IESG] [RFC8055][RFC3261]
orig Originating Identity String [IESG] [RFC8225, Section 5.2.1]
dest Destination Identity String [IESG] [RFC8225, Section 5.2.1]
mky Media Key Fingerprint String [IESG] [RFC8225, Section 5.2.2]
events Security Events [IESG] [RFC8417, Section 2.2]
toe Time of Event [IESG] [RFC8417, Section 2.2]
txn Transaction Identifier [IESG] [RFC8417, Section 2.2]
rph Resource Priority Header Authorization [IESG] [RFC8443, Section 3]
sid Session ID [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Front-Channel Logout 1.0, Section 3]
vot Vector of Trust value [IESG] [RFC8485]
vtm Vector of Trust trustmark URL [IESG] [RFC8485]
attest Attestation level as defined in SHAKEN framework [IESG] [RFC8588]
origid Originating Identifier as defined in SHAKEN framework [IESG] [RFC8588]
act Actor [IESG] [RFC8693, Section 4.1]
scope Scope Values [IESG] [RFC8693, Section 4.2]
client_id Client Identifier [IESG] [RFC8693, Section 4.3]
may_act Authorized Actor - the party that is authorized to become the actor [IESG] [RFC8693, Section 4.4]
jcard jCard data [IESG] [RFC8688][RFC7095]
at_use_nbr Number of API requests for which the access token can be used [ETSI] [ETSI GS NFV-SEC 022 V2.7.1]
div Diverted Target of a Call [IESG] [RFC8946]
opt Original PASSporT (in Full Form) [IESG] [RFC8946]
vc Verifiable Credential as specified in the W3C Recommendation [IESG] [W3C Recommendation Verifiable Credentials Data Model 1.0 - Expressing verifiable information on the Web (19 November 2019), Section 6.3.1]
vp Verifiable Presentation as specified in the W3C Recommendation [IESG] [W3C Recommendation Verifiable Credentials Data Model 1.0 - Expressing verifiable information on the Web (19 November 2019), Section 6.3.1]
sph SIP Priority header field [IESG] [RFC9027]
ace_profile The ACE profile a token is supposed to be used with. [IETF] [RFC-ietf-ace-oauth-authz-46, Section 5.10]
cnonce "client-nonce". A nonce previously provided to the AS by the RS via the client. Used to verify token freshness when the RS cannot synchronize its clock with the AS. [IETF] [RFC-ietf-ace-oauth-authz-46, Section 5.10]
exi "Expires in". Lifetime of the token in seconds from the time the RS first sees it. Used to implement a weaker from of token expiration for devices that cannot synchronize their internal clocks. [IETF] [RFC-ietf-ace-oauth-authz-46, Section 5.10.3]
roles Roles [IETF] [RFC7643, Section 4.1.2][RFC9068, Section 2.2.3.1]
groups Groups [IETF] [RFC7643, Section 4.1.2][RFC9068, Section 2.2.3.1]
entitlements Entitlements [IETF] [RFC7643, Section 4.1.2][RFC9068, Section 2.2.3.1]
token_introspection Token introspection response [IETF] [RFC-ietf-oauth-jwt-introspection-response-12, Section 5]

JWT Confirmation Methods

Registration Procedure(s)
Specification Required
Expert(s)
John Bradley, Hannes Tschofenig
Reference
[RFC7800]
Note
Registration requests should be sent to the mailing list 
described in [RFC7800].
    
Available Formats

CSV
Confirmation Method Value Confirmation Method Description Change Controller Reference
jwk JSON Web Key Representing Public Key [IESG] [RFC7800, Section 3.2]
jwe Encrypted JSON Web Key [IESG] [RFC7800, Section 3.3]
kid Key Identifier [IESG] [RFC7800, Section 3.4]
jku JWK Set URL [IESG] [RFC7800, Section 3.5]
x5t#S256 X.509 Certificate SHA-256 Thumbprint [IESG] [RFC8705, Section 3.1]
osc OSCORE_Input_Material carrying the parameters for using OSCORE per-message security with implicit key confirmation [IETF] [RFC-ietf-ace-oscore-profile-19, Section 3.2.1]

Contact Information

ID Name Contact URI Last Updated
[ETSI] ETSI mailto:pnns&etsi.org 2020-01-13
[IESG] IESG mailto:iesg&ietf.org
[IETF] IETF mailto:iesg&ietf.org
[OpenID_Foundation_Artifact_Binding_Working_Group] OpenID Foundation Artifact Binding Working Group mailto:openid-specs-ab&lists.openid.net 2015-04-20