JWT
Compact URL-safe JSON claims format.
Definition
JWT structure: Header.Payload.Signature separated by '.'. Registered claims (RFC 7519): iss, sub, aud, exp, nbf, iat, jti. Algorithm header alg: RS256, ES256, EdDSA. Bare JWT (no signature/encryption) deemed insecure — always JWS or JWE in production. Reject the none algorithm.
Origin
IETF JOSE WG 2011-2015 ; RFC 7519 published May 2015.
Example in context
A Google OIDC ID Token: eyJhbGc... payload contains sub, email, name, exp 1h.
Related terms
- JWS — JWT signature.