UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF - RFC 9068

JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens

active, Most Current
Organization: IETF
Publication Date: 1 October 2021
Status: active
Page Count: 15
scope:

Abstract

This specification defines a profile for issuing OAuth 2.0 access tokens in JSON Web Token (JWT) format. Authorization servers and resource servers from different vendors can leverage this profile to issue and consume access tokens in an interoperable manner.

Document History

RFC 9068
October 1, 2021
JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens
Abstract This specification defines a profile for issuing OAuth 2.0 access tokens in JSON Web Token (JWT) format. Authorization servers and resource servers from different vendors can leverage this...

References

This document references:
RFC 2046 - Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types
Published by IETF on November 1, 1996
A description is not available for this item.
This document references:
IETF RFC 6749 - The OAuth 2.0 Authorization Framework
Published by IETF on October 1, 2012
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction...
This document references:
IETF RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage
Published by IETF on October 1, 2012
This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a "bearer") can use it to get access to the...
This document references:
IETF RFC 7515 - JSON Web Signature (JWS)
Published by IETF on May 1, 2015
JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures. Cryptographic algorithms and identifiers for use...
This document references:
IETF RFC 7518 - JSON Web Algorithms (JWA)
Published by IETF on May 1, 2015
This specification registers cryptographic algorithms and identifiers to be used with the JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Key (JWK) specifications. It defines...
This document is referenced by:
RFC 9470 - OAuth 2.0 Step Up Authentication Challenge Protocol
Published by IETF on September 1, 2023
It is not uncommon for resource servers to require different authentication strengths or recentness according to the characteristics of a request. This document introduces a mechanism that resource...
View Less
View All
Advertisement