Internet Assigned Numbers Authority
JSON Web Token (JWT)
Created
2015-01-23
Last Updated
2025-08-20
Available Formats
[IMG]
XML [IMG]
HTML [IMG]
Plain text
Registries Included Below
??JSON Web Token Claims
??JWT Confirmation Methods
JSON Web Token Claims
Registration Procedure(s)
Specification Required
Expert(s)
Brian Campbell, Mike Jones, Nat Sakimura, Filip Skokan
Reference
[RFC7519]
Note
Registration requests should be sent to the mailing list described in
[RFC7519]. If approved, designated experts should notify IANA within
three weeks. For assistance, please contact iana@iana.org.
Available Formats
[IMG]
CSV
Claim Name Claim Description Change Controller Reference
iss Issuer [IESG] [RFC7519, Section 4.1.1]
sub Subject [IESG] [RFC7519, Section 4.1.2]
aud Audience [IESG] [RFC7519, Section 4.1.3]
exp Expiration Time [IESG] [RFC7519, Section 4.1.4]
nbf Not Before [IESG] [RFC7519, Section 4.1.5]
iat Issued At [IESG] [RFC7519, Section 4.1.6]
jti JWT ID [IESG] [RFC7519, Section 4.1.7]
name Full name [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
given_name Given name(s) or first [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
name(s)
family_name Surname(s) or last [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
name(s)
middle_name Middle name(s) [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
nickname Casual name [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
Shorthand name by which
preferred_username the End-User wishes to [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
be referred to
profile Profile page URL [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
picture Profile picture URL [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
website Web page or blog URL [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
email Preferred e-mail address [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
True if the e-mail
email_verified address has been [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
verified; otherwise
false
gender Gender [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
birthdate Birthday [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
zoneinfo Time zone [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
locale Locale [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
phone_number Preferred telephone [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
number
True if the phone number
phone_number_verified has been verified; [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
otherwise false
address Preferred postal address [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
updated_at Time the information was [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.1]
last updated
Authorized party - the
azp party to which the ID [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 2]
Token was issued
Value used to associate
a Client session with an
nonce ID Token (MAY also be [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 2][RFC9449]
used for nonce values in
other applications of
JWTs)
auth_time Time when the [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 2]
authentication occurred
at_hash Access Token hash value [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 2]
c_hash Code hash value [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 3.3.2.11]
acr Authentication Context [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 2]
Class Reference
amr Authentication Methods [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 2]
References
Public key used to check
sub_jwk the signature of an ID [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 7.4]
Token
cnf Confirmation [IESG] [RFC7800, Section 3.1]
sip_from_tag SIP From tag header [IESG] [RFC8055][RFC3261]
field parameter value
sip_date SIP Date header field [IESG] [RFC8055][RFC3261]
value
sip_callid SIP Call-Id header field [IESG] [RFC8055][RFC3261]
value
sip_cseq_num SIP CSeq numeric header [IESG] [RFC8055][RFC3261]
field parameter value
sip_via_branch SIP Via branch header [IESG] [RFC8055][RFC3261]
field parameter value
orig Originating Identity [IESG] [RFC8225, Section 5.2.1]
String
dest Destination Identity [IESG] [RFC8225, Section 5.2.1]
String
mky Media Key Fingerprint [IESG] [RFC8225, Section 5.2.2]
String
events Security Events [IESG] [RFC8417, Section 2.2]
toe Time of Event [IESG] [RFC8417, Section 2.2]
txn Transaction Identifier [IESG] [RFC8417, Section 2.2]
rph Resource Priority Header [IESG] [RFC8443, Section 3]
Authorization
sid Session ID [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Front-Channel Logout 1.0,
Section 3]
vot Vector of Trust value [IESG] [RFC8485]
vtm Vector of Trust [IESG] [RFC8485]
trustmark URL
Attestation level as
attest defined in SHAKEN [IESG] [RFC8588]
framework
Originating Identifier
origid as defined in SHAKEN [IESG] [RFC8588]
framework
act Actor [IESG] [RFC8693, Section 4.1]
scope Scope Values [IESG] [RFC8693, Section 4.2]
client_id Client Identifier [IESG] [RFC8693, Section 4.3]
Authorized Actor - the
may_act party that is authorized [IESG] [RFC8693, Section 4.4]
to become the actor
jcard jCard data [IESG] [RFC8688][RFC7095]
Number of API requests
at_use_nbr for which the access [ETSI] [ETSI GS NFV-SEC 022 V2.7.1]
token can be used
div Diverted Target of a [IESG] [RFC8946]
Call
opt Original PASSporT (in [IESG] [RFC8946]
Full Form)
Verifiable Credential as [W3C Recommendation Verifiable Credentials
vc specified in the W3C [IESG] Data Model 1.0 - Expressing verifiable
Recommendation information on the Web (19 November 2019),
Section 6.3.1]
Verifiable Presentation [W3C Recommendation Verifiable Credentials
vp as specified in the W3C [IESG] Data Model 1.0 - Expressing verifiable
Recommendation information on the Web (19 November 2019),
Section 6.3.1]
sph SIP Priority header [IESG] [RFC9027]
field
The ACE profile a token
ace_profile is supposed to be used [IETF] [RFC9200, Section 5.10]
with.
"client-nonce". A nonce
previously provided to
the AS by the RS via the
cnonce client. Used to verify [IETF] [RFC9200, Section 5.10]
token freshness when the
RS cannot synchronize
its clock with the AS.
"Expires in". Lifetime
of the token in seconds
from the time the RS
first sees it. Used to
exi implement a weaker from [IETF] [RFC9200, Section 5.10.3]
of token expiration for
devices that cannot
synchronize their
internal clocks.
roles Roles [IETF] [RFC7643, Section 4.1.2][RFC9068, Section
2.2.3.1]
groups Groups [IETF] [RFC7643, Section 4.1.2][RFC9068, Section
2.2.3.1]
entitlements Entitlements [IETF] [RFC7643, Section 4.1.2][RFC9068, Section
2.2.3.1]
token_introspection Token introspection [IETF] [RFC9701, Section 5]
response
eat_nonce Nonce [IETF] [RFC9711]
ueid Universal Entity ID [IETF] [RFC9711]
sueids Semipermanent UEIDs [IETF] [RFC9711]
oemid Hardware OEM ID [IETF] [RFC9711]
hwmodel Model identifier for [IETF] [RFC9711]
hardware
hwversion Hardware Version [IETF] [RFC9711]
Identifier
Indicates whether the
oemboot software booted was OEM [IETF] [RFC9711]
authorized
dbgstat The status of debug [IETF] [RFC9711]
facilities
location The geographic location [IETF] [RFC9711]
eat_profile The EAT profile followed [IETF] [RFC9711]
submods The section containing [IETF] [RFC9711]
submodules
uptime Uptime [IETF] [RFC9711]
The number of times the
bootcount entity or submodule has [IETF] [RFC9711]
been booted
bootseed Identifies a boot cycle [IETF] [RFC9711]
Certifications received
dloas as Digital Letters of [IETF] [RFC9711]
Approval
swname The name of the software [IETF] [RFC9711]
running in the entity
swversion The version of software [IETF] [RFC9711]
running in the entity
Manifests describing the
manifests software installed on [IETF] [RFC9711]
the entity
Measurements of the
measurements software, memory [IETF] [RFC9711]
configuration, and such
on the entity
The results of comparing
measres software measurements to [IETF] [RFC9711]
reference values
intuse The intended use of the [IETF] [RFC9711]
EAT
cdniv CDNI Claim Set Version [IETF] [RFC9246, Section 2.1.8]
cdnicrit CDNI Critical Claims Set [IETF] [RFC9246, Section 2.1.9]
cdniip CDNI IP Address [IETF] [RFC9246, Section 2.1.10]
cdniuc CDNI URI Container [IETF] [RFC9246, Section 2.1.11]
CDNI Expiration Time
cdniets Setting for Signed Token [IETF] [RFC9246, Section 2.1.12]
Renewal
CDNI Signed Token
cdnistt Transport Method for [IETF] [RFC9246, Section 2.1.13]
Signed Token Renewal
cdnistd CDNI Signed Token Depth [IETF] [RFC9246, Section 2.1.14]
sig_val_claims Signature Validation [IETF] [RFC9321, Section 3.2.3]
Token
The claim
authorization_details
contains a JSON array of
JSON objects
representing the rights
of the access token.
authorization_details Each JSON object [IETF] [RFC9396, Section 9.1]
contains the data to
specify the
authorization
requirements for a
certain type of
resource.
A structured claim
containing end-user [OpenID Identity Assurance Schema Definition
verified_claims claims and the details [eKYC_and_Identity_Assurance_WG] 1.0, Section 5]
of how those end-user
claims were assured.
A structured claim
place_of_birth representing the [eKYC_and_Identity_Assurance_WG] [OpenID Connect for Identity Assurance Claims
end-user's place of Registration 1.0, Section 4]
birth.
String array
nationalities representing the [eKYC_and_Identity_Assurance_WG] [OpenID Connect for Identity Assurance Claims
end-user's Registration 1.0, Section 4]
nationalities.
Family name(s) someone
has when they were born,
or at least from the
time they were a child.
This term can be used by
a person who changes the
family name(s) later in
birth_family_name life for any reason. [eKYC_and_Identity_Assurance_WG] [OpenID Connect for Identity Assurance Claims
Note that in some Registration 1.0, Section 4]
cultures, people can
have multiple family
names or no family name;
all can be present, with
the names being
separated by space
characters.
Given name(s) someone
has when they were born,
or at least from the
time they were a child.
This term can be used by
a person who changes the
birth_given_name given name later in life [eKYC_and_Identity_Assurance_WG] [OpenID Connect for Identity Assurance Claims
for any reason. Note Registration 1.0, Section 4]
that in some cultures,
people can have multiple
given names; all can be
present, with the names
being separated by space
characters.
Middle name(s) someone
has when they were born,
or at least from the
time they were a child.
This term can be used by
a person who changes the
middle name later in
life for any reason.
birth_middle_name Note that in some [eKYC_and_Identity_Assurance_WG] [OpenID Connect for Identity Assurance Claims
cultures, people can Registration 1.0, Section 4]
have multiple middle
names; all can be
present, with the names
being separated by space
characters. Also note
that in some cultures,
middle names are not
used.
salutation End-user's salutation, [eKYC_and_Identity_Assurance_WG] [OpenID Connect for Identity Assurance Claims
e.g., "Mr" Registration 1.0, Section 4]
title End-user's title, e.g., [eKYC_and_Identity_Assurance_WG] [OpenID Connect for Identity Assurance Claims
"Dr" Registration 1.0, Section 4]
End-user's mobile phone
msisdn number formatted [eKYC_and_Identity_Assurance_WG] [OpenID Connect for Identity Assurance Claims
according to ITU-T Registration 1.0, Section 4]
recommendation [E.164]
Stage name, religious
name or any other type
also_known_as of alias/pseudonym with [eKYC_and_Identity_Assurance_WG] [OpenID Connect for Identity Assurance Claims
which a person is known Registration 1.0, Section 4]
in a specific context
besides its legal name.
htm The HTTP method of the [IETF] [RFC9449, Section 4.2]
request
The HTTP URI of the
htu request (without query [IETF] [RFC9449, Section 4.2]
and fragment parts)
The base64url-encoded
SHA-256 hash of the
ath ASCII encoding of the [IETF] [RFC9449, Section 4.2]
associated access
token's value
atc Authority Token [IETF] [RFC9447]
Challenge
sub_id Subject Identifier [IETF] [RFC9493, Section 4.1]
rcd Rich Call Data [IETF] [RFC9795]
Information
rcdi Rich Call Data Integrity [IETF] [RFC9795]
Information
crn Call Reason [IETF] [RFC9795]
msgi Message Integrity [IETF] [RFC9475]
Information
JSON object whose member
_claim_names names are the Claim [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.6.2]
Names for the Aggregated
and Distributed Claims
JSON object whose member
_claim_sources names are referenced by [OpenID_Foundation_Artifact_Binding_Working_Group] [OpenID Connect Core 1.0, Section 5.6.2]
the member values of the
_claim_names member
This claim describes the
set of RDAP query
purposes that are
rdap_allowed_purposes available to an identity [IETF] [RFC9560, Section 3.1.5.1]
that is presented for
access to a protected
RDAP resource.
This claim contains a
JSON boolean literal
that describes a "do not
track" request for
rdap_dnt_allowed server-side tracking, [IETF] [RFC9560, Section 3.1.5.2]
logging, or recording of
an identity that is
presented for access to
a protected RDAP
resource.
geohash Geohash String or Array [Consumer_Technology_Association] [Fast and Readable Geographical Hashing
(CTA-5009)]
_sd Digests of Disclosures [IETF] [RFC-ietf-oauth-selective-disclosure-jwt-22,
for object properties Section 4.2.4.1]
... Digest of the Disclosure [IETF] [RFC-ietf-oauth-selective-disclosure-jwt-22,
for an array element Section 4.2.4.2]
Hash algorithm used to
_sd_alg generate Disclosure [IETF] [RFC-ietf-oauth-selective-disclosure-jwt-22,
digests and digest over Section 4.1.1]
presentation
sd_hash Digest of the SD-JWT to [IETF] [RFC-ietf-oauth-selective-disclosure-jwt-22,
which the KB-JWT is tied Section 4.3]
consumerPlmnId PLMN ID of the NF [_3GPP_Specifications_Manager] [3GPP TS 29.510, Clause 6.3.5.2.4]
service consumer
consumerSnpnId SNPN ID of the NF [_3GPP_Specifications_Manager] [3GPP TS 29.510, Clause 6.3.5.2.4]
service consumer
producerPlmnId PLMN ID of the NF [_3GPP_Specifications_Manager] [3GPP TS 29.510, Clause 6.3.5.2.4]
service producer
producerSnpnId SNPN ID of the NF [_3GPP_Specifications_Manager] [3GPP TS 29.510, Clause 6.3.5.2.4]
service producer
producerSnssaiList List of S-NSSAIs of the [_3GPP_Specifications_Manager] [3GPP TS 29.510, Clause 6.3.5.2.4]
NF service producer
producerNsiList List of NSIs of the NF [_3GPP_Specifications_Manager] [3GPP TS 29.510, Clause 6.3.5.2.4]
service produce
producerNfSetId NF Set ID of the NF [_3GPP_Specifications_Manager] [3GPP TS 29.510, Clause 6.3.5.2.4]
service producer
producerNfServiceSetId NF Service Set ID of the [_3GPP_Specifications_Manager] [3GPP TS 29.510, Clause 6.3.5.2.4]
NF Service Producer
sourceNfInstanceId NF Instance ID of the [_3GPP_Specifications_Manager] [3GPP TS 29.510, Clause 6.3.5.2.4]
source NF
analyticsIdList Analytics IDs [_3GPP_Specifications_Manager] [3GPP TS 29.510, Clause 6.3.5.2.4]
Contains the identifier
of the resource owner,
resOwnerId e.g., GPSI as specified [_3GPP_Specifications_Manager] [3GPP TS 29.222, Clause 8.5.4.2.8]
in clause 5.3.2 of [3GPP
TS 29.571].
JWT Confirmation Methods
Registration Procedure(s)
Specification Required
Expert(s)
John Bradley, Hannes Tschofenig
Reference
[RFC7800]
Note
Registration requests should be sent to the mailing list described in
[RFC7800]. If approved, designated experts should notify IANA within
three weeks. For assistance, please contact iana@iana.org.
Available Formats
[IMG]
CSV
Confirmation Method Value Confirmation Method Description Change Controller Reference
jwk JSON Web Key Representing Public Key [IESG] [RFC7800, Section 3.2]
jwe Encrypted JSON Web Key [IESG] [RFC7800, Section 3.3]
kid Key Identifier [IESG] [RFC7800, Section 3.4]
jku JWK Set URL [IESG] [RFC7800, Section 3.5]
x5t#S256 X.509 Certificate SHA-256 Thumbprint [IESG] [RFC8705, Section 3.1]
osc OSCORE_Input_Material carrying the parameters for using OSCORE per-message [IETF] [RFC9203, Section 3.2.1]
security with implicit key confirmation
jkt JWK SHA-256 Thumbprint [IETF] [RFC9449, Section 6]
Contact Information
ID Name Contact URI Last Updated
[_3GPP_Specifications_Manager] 3GPP Specifications Manager mailto:3gppContact&etsi.org 2025-08-20
[Consumer_Technology_Association] Consumer Technology Association mailto:standards&cta.tech 2024-08-02
[eKYC_and_Identity_Assurance_WG] eKYC and Identity Assurance mailto:openid-specs-ekyc-ida&lists.openid.net 2024-08-02
Working Group
[ETSI] ETSI mailto:pnns&etsi.org 2024-08-02
[IESG] IESG mailto:iesg&ietf.org
[IETF] IETF mailto:iesg&ietf.org
[OpenID_Foundation_Artifact_Binding_Working_Group] OpenID Foundation Artifact Binding mailto:openid-specs-ab&lists.openid.net 2024-08-02
Working Group
Licensing Terms
Presently we were in a very dark road, and at a point where it dropped suddenly between steep sides we halted in black shadow. A gleam of pale sand, a whisper of deep flowing waters, and a farther glimmer of more sands beyond them challenged our advance. We had come to a "grapevine ferry." The scow was on the other side, the water too shoal for the horses to swim, and the bottom, most likely, quicksand. Out of the blackness of the opposite shore came a soft, high-pitched, quavering, long-drawn, smothered moan of woe, the call of that snivelling little sinner the screech-owl. Ferry murmured to me to answer it and I sent the same faint horror-stricken tremolo back. Again it came to us, from not farther than one might toss his cap, and I followed Ferry down to the water's edge. The grapevine guy swayed at our side, we heard the scow slide from the sands, and in a few moments, moved by two videttes, it touched our shore. Soon we were across, the two videttes riding with us, and beyond a sharp rise, in an old opening made by the swoop of a hurricane, we entered the silent unlighted bivouac of Ferry's scouts. Ferry got down and sat on the earth talking with Quinn, while the sergeants quietly roused the sleepers to horse. Plotinus is driven by this perplexity to reconsider the whole theory of Matter.477 He takes Aristotle¡¯s doctrine as the groundwork of his investigation. According to this, all existence is divided into Matter and Form. What we know of things¡ªin other words, the sum of their differential characteristics¡ªis their Form. Take away this, and the unknowable residuum is their Matter. Again, Matter is the vague indeterminate something out of which particular Forms are developed. The two are related as Possibility to Actuality, as the more generic to the more specific substance through every grade of classification and composition. Thus there are two Matters, the one sensible and the other intelligible. The former constitutes the common substratum of bodies, the other the common element of ideas.478 The general distinction between Matter and Form was originally suggested to Aristotle by Plato¡¯s remarks on the same subject; but he differs325 from his master in two important particulars. Plato, in his Timaeus, seems to identify Matter with space.479 So far, it is a much more positive conception than the ?λη of the Metaphysics. On the other hand, he constantly opposes it to reality as something non-existent; and he at least implies that it is opposed to absolute good as a principle of absolute evil.480 Thus while the Aristotelian world is formed by the development of Power into Actuality, the Platonic world is composed by the union of Being and not-Being, of the Same and the Different, of the One and the Many, of the Limit and the Unlimited, of Good and Evil, in varying proportions with each other. The Lawton woman had heard of an officer's family at Grant, which was in need of a cook, and had gone there. [See larger version] On the 8th of July an extraordinary Privy Council was summoned. All the members, of whatever party, were desired to attend, and many were the speculations as to the object of their meeting. The general notion was that it involved the continuing or the ending of the war. It turned out to be for the announcement of the king's intended marriage. The lady selected was Charlotte, the second sister of the Duke of Mecklenburg-Strelitz. Apart from the narrowness of her education, the young princess had a considerable amount of amiability, good sense, and domestic taste. These she shared with her intended husband, and whilst they made the royal couple always retiring, at the same time they caused them to give, during their lives, a moral air to their court. On the 8th of September Charlotte arrived at St. James's, and that afternoon the marriage took place, the ceremony being performed by the Archbishop of Canterbury. On the 22nd the coronation took place with the greatest splendour. Mother and girls were inconsolable, for each had something that they were sure "Si would like," and would "do him good," but they knew Josiah Klegg, Sr., well enough to understand what was the condition when he had once made up his mind. CHAPTER V. THE YOUNG RECRUITS Si proceeded to deftly construct a litter out of the two guns, with some sticks that he cut with a knife, and bound with pawpaw strips. His voice had sunk very low, almost to sweetness. A soft flurry of pink went over her face, and her eyelids drooped. Then suddenly she braced herself, pulled herself taut, grew combative again, though her voice shook. HoME²Ô¾®Ïè̫ʲôÐÇ×ù
ENTER NUMBET 0016idwnet.com.cn
kesilai.com.cn
hyqpt.org.cn
lrvrtm.org.cn
www.qkxchs.com.cn
posezoo.com.cn
sdjt518.com.cn
www.reyuu.com.cn
www.okpktg.net.cn
sikaqi.com.cn