The IESG has approved the following document:
- 'JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens'
  (draft-ietf-oauth-access-token-jwt-13.txt) as Proposed Standard

This document is the product of the Web Authorization Protocol Working Group.

The IESG contact persons are Benjamin Kaduk and Roman Danyliw.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-access-token-jwt/

Technical Summary

This specification defines a profile for issuing OAuth 2.0 access tokens in JSON Web Token (JWT) format. Authorization servers and resource servers from different vendors can leverage this profile to issue and consume access tokens in an interoperable manner.

Working Group Summary

The OAuth working group has defined an encoding format for access tokens in RFC 7519. This document takes deployment practice and summarizes it with regard to the content of the JWT access token.

Based on SECDIR review, an MTI signature algorithm was added.

Document Quality

The JWT access token is widely used in industry. Here is a list of implementations based on feedback on the mailing list:

- Node.js project oidc-provider (https://github.com/panva/node-oidc-provider) has an option to issue Access Tokens conforming to this profile.
- IdentityServer implements this functionality: https://github.com/IdentityServer
- Connect2id server implements this specification: https://connect2id.com/products/server/docs/datasheet#access-token-encoding-jwt
- Glewlwyd's OIDC plugin implements an earlier version of the specification: https://github.com/babelouest/glewlwyd/blob/master/docs/OIDC.md#access-token-format https://github.com/babelouest/glewlwyd

The working group has received feedback from the deployment community and there is consensus on the content of the document.

Personnel

Hannes Tschofenig is the document shepherd.
Roman Danyliw is the responsible area director.