Several tens of thousands

[Rubina9898]

I think there is no point in describing them all in detail and for details I refer you to RFC . I will leave here two examples of what sample JWKs might look like. The examples come from the mentioned RFC. ed Claim Names iss – the issuer issuer of the token is stored under this value sub – entity using the token. This may be for example the user to whom the token belongs aud – token recipient exp – expiration date of the token. The standard assumes that a token with a value exp indicating a point in time in the past should be rejected by the application. The standard allows for a tolerance threshold for this value not exceeding several minutes.

It is worth noting that the date is expected to be passed in the NumericDate format i.e. the number of seconds not milliseconds! since T Z UTC. Passing a value in milliseconds is a fairly Phone Number List easy mistake to make which will result in generating tokens valid for…of years nbf – allows you to define from when the token will be valid. Tokens that are not yet valid should be discarded by the application. The remaining guidelines remain the same as for exp iat – token creation date in format jti – unique JWT identifier. An example use case is to prevent a given token from being used more than once. This part is also expected to pass any additional data that the application using the token needs.



This may be for example data identifying the user his role in the system or any other data. An example use case can be found in the documentation for configuring the Real Time Collaboration function inditor. Based on the data provided in the token the user connecting to the document and its role and permissions aresign tokens with an individual key. Then during authentication and he token transferred when connecting to the collaboration session is validated against the signature based on the list of keys for a given environment available in the system.