JSON Web Token Best Current Practices draft describing Explicit Typing

On July 4, 2017

In Claims, Cryptography, JSON, OAuth, Specifications

OAuth logo The JWT BCP draft has been updated to describe the use of explicit typing of JWTs as one of the ways to prevent confusion among different kinds of JWTs. This is accomplished by including an explicit type for the JWT in the “typ” header parameter. For instance, the Security Event Token (SET) specification now uses the “application/secevent+jwt” content type to explicitly type SETs.

The specification is available at:

https://tools.ietf.org/html/draft-sheffer-oauth-jwt-bcp-01

An HTML-formatted version is also available at:

https://self-issued.info/docs/draft-sheffer-oauth-jwt-bcp-01.html

You must be logged in to post a comment.

Musings on Digital Identity

JSON Web Token Best Current Practices draft describing Explicit Typing

Leave a Reply

JSON Web Token Best Current Practices draft describing Explicit Typing

Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs) spec addressing review comments

Initial working group draft of JSON Web Token Best Current Practices

Leave a Reply