BCP 225

RFC 8725

JSON Web Token Best Current Practices, February 2020

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Also available: XML file for editing
 
Status:
BEST CURRENT PRACTICE
Updates:
RFC 7519
Authors:
Y. Sheffer
D. Hardt
M. Jones
Stream:
IETF
Source:
oauth (sec)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC8725

Discuss this RFC: Send questions or comments to the mailing list oauth@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 8725


Abstract

JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security tokens that contain a set of claims that can be signed and/or encrypted. JWTs are being widely used and deployed as a simple security token format in numerous protocols and applications, both in the area of digital identity and in other application areas. This Best Current Practices document updates RFC 7519 to provide actionable guidance leading to secure implementation and deployment of JWTs.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.




Advanced Search