Month: July 2017

Initial working group draft of JSON Web Token Best Current Practices

On July 27, 2017

In Claims, Cryptography, IETF, JSON, OAuth, Specifications

OAuth logo I’m happy to announce that the OAuth working group adopted the JSON Web Token Best Current Practices (JWT BCP) draft that Yaron Sheffer, Dick Hardt, and I had worked on, following discussions at IETF 99 in Prague and on the working group mailing list.

The specification is available at:

https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-00

An HTML-formatted version is also available at:

https://self-issued.info/docs/draft-ietf-oauth-jwt-bcp-00.html

JSON Web Token Best Current Practices draft describing Explicit Typing

By Mike Jones

On July 4, 2017

In Claims, Cryptography, JSON, OAuth, Specifications

OAuth logo The JWT BCP draft has been updated to describe the use of explicit typing of JWTs as one of the ways to prevent confusion among different kinds of JWTs. This is accomplished by including an explicit type for the JWT in the “typ” header parameter. For instance, the Security Event Token (SET) specification now uses the “application/secevent+jwt” content type to explicitly type SETs.

The specification is available at:

https://tools.ietf.org/html/draft-sheffer-oauth-jwt-bcp-01

An HTML-formatted version is also available at:

https://self-issued.info/docs/draft-sheffer-oauth-jwt-bcp-01.html