Technical Summary
This specification defines a profile for issuing OAuth 2.0 access
tokens in JSON Web Token (JWT) format. Authorization servers and
resource servers from different vendors can leverage this profile to
issue and consume access tokens in an interoperable manner.
Working Group Summary
The OAuth working group has defined an encoding format for access
tokens in RFC 7519. This document summarizes deployment practice
with regard to the content of the JWT access token.
Based on SECDIR review, an MTI signature algorithm was added.
Document Quality
The JWT access token is widely used in industry.
Here is a list of implementations based on feedback on the mailing list:
Node.js project oidc-provider (https://github.com/panva/node-oidc-provider) has an
option to issue Access Tokens conforming to this profile.
IdentityServer implements this functionality:
https://github.com/IdentityServer
Connect2id server implements this specification:
https://connect2id.com/products/server/docs/datasheet#access-token-encoding-jwt
Glewlwyd's OIDC plugin implements an earlier version of the specification:
https://github.com/babelouest/glewlwyd/blob/master/docs/OIDC.md#access-token-format
https://github.com/babelouest/glewlwyd
The working group has received feedback from the deployment community
and there is consensus on the content of the document.
Personnel
Hannes Tschofenig is the document shepherd.
Roman Danyliw is the responsible area director.