BCP 225

RFC 8725

JSON Web Token Best Current Practices, February 2020

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Status:
BEST CURRENT PRACTICE
Updates:
RFC 7519
Authors:
Y. Sheffer
D. Hardt
M. Jones
Stream:
IETF
Source:
oauth (sec)

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC8725

Discuss this RFC: Send questions or comments to oauth@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security tokens that contain a set of claims that can be signed and/or encrypted. JWTs are being widely used and deployed as a simple security token format in numerous protocols and applications, both in the area of digital identity and in other application areas. This Best Current Practices document updates RFC 7519 to provide actionable guidance leading to secure implementation and deployment of JWTs.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader