{"draft":"draft-ietf-oauth-jwt-bcp-07","doc_id":"RFC8725","title":"JSON Web Token Best Current Practices","authors":["Y. Sheffer","D. Hardt","M. Jones"],"format":["HTML","TEXT","PDF","XML"],"page_count":"13","pub_status":"BEST CURRENT PRACTICE","status":"BEST CURRENT PRACTICE","source":"Web Authorization Protocol","abstract":"JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security\r\ntokens that contain a set of claims that can be signed and\/or\r\nencrypted. JWTs are being widely used and deployed as a simple\r\nsecurity token format in numerous protocols and applications, both in\r\nthe area of digital identity and in other application areas.  This\r\nBest Current Practices document updates RFC 7519 to provide\r\nactionable guidance leading to secure implementation and deployment\r\nof JWTs.","pub_date":"February 2020","keywords":["JSON Web Token","JWT","JSON Object Signing and Encryption","JOSE","JSON Web Signature","JWS","JSON Web Encryption","JWE","attacks","Claims","Security","Cryptography"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC7519"],"updated_by":[],"see_also":["BCP0225"],"doi":"10.17487\/RFC8725","errata_url":null}