I’m happy to announce that the OAuth working group adopted the JSON Web Token Best Current Practices (JWT BCP) draft that Yaron Sheffer, Dick Hardt, and I had worked on, following discussions at IETF 99 in Prague and on the working group mailing list.
The specification is available at:
An HTML-formatted version is also available at:
No Comments » Posted under Claims & Cryptography & IETF & JSON & OAuth & Specifications
The JWT BCP draft has been updated to describe the use of explicit typing of JWTs as one of the ways to prevent confusion among different kinds of JWTs. This is accomplished by including an explicit type for the JWT in the “typ†header parameter. For instance, the Security Event Token (SET) specification now uses the “application/secevent+jwt†content type to explicitly type SETs.
The specification is available at:
An HTML-formatted version is also available at:
No Comments » Posted under Claims & Cryptography & JSON & OAuth & Specifications