JWT Specification
Purpose: define formal access-token format and verification constraints.
Header
{
  "alg": "RS256",
  "typ": "JWT",
  "kid": "main"
}
Core Claims
- sub: identity id
- aud: application id
- iss: issuer
- email: identity email
- exp, iat: temporal claims
Token Properties
- Access token format: JWT
- Signing algorithm: RS256
- Access-token TTL: 30 minutes
- Refresh token: opaque, state-bound, rotated
Verification
- Public key endpoint: GET /v1/public_key
- Validate signature, issuer, audience, and expiration
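The checks listed above, as an added Node.js example that is not part of the original specification or the project's own code. The key pair, issuer URL, application id and claim values are constructed for the demonstration, and the generated public key stands in for the one served by GET /v1/public_key.

```javascript
const crypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const parse = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Accept only what the spec allows: RS256, kid "main", then signature, iss, aud, exp.
function verifyAccessToken(token, publicKey, { issuer, audience, now }) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = parse(h);
  // Pin alg and kid on the verifier side; the header must never select them.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  if (header.kid !== 'main') throw new Error('unexpected kid');
  const sig = Buffer.from(s, 'base64url');
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, sig)) {
    throw new Error('bad signature');
  }
  const claims = parse(p); // read claims only after the signature checks out
  if (claims.iss !== issuer) throw new Error('bad issuer');
  if (claims.aud !== audience) throw new Error('bad audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Constructed sample data: a throwaway key pair plays the issuer, and its public
// half stands in for the key a client would fetch from GET /v1/public_key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const IAT = 1700000000;
const EXPECT = { issuer: 'https://issuer.example', audience: 'app-123' };
const CLAIMS = { sub: 'id-1', aud: 'app-123', iss: 'https://issuer.example',
  email: 'user@example.com', iat: IAT, exp: IAT + 30 * 60 }; // 30-minute TTL
const HEADER = { alg: 'RS256', typ: 'JWT', kid: 'main' };

function mint(header, claims) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${b64u(crypto.sign('RSA-SHA256', Buffer.from(input), privateKey))}`;
}

// Returns 'ok' or the rejection reason for a token checked at time `now` (seconds).
function outcome(token, now = IAT + 60) {
  try { verifyAccessToken(token, publicKey, { ...EXPECT, now }); return 'ok'; }
  catch (err) { return err.message; }
}

console.log(outcome(mint(HEADER, CLAIMS)));
console.log(outcome(mint({ ...HEADER, alg: 'HS256' }, CLAIMS)));
```

Because the beta has a single static key and no JWKS endpoint, the verifier compares `kid` against the literal `main` instead of using it to look up a key.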
Beta Limitations
- No JWKS endpoint
- Static kid (main)
- No multi-key rotation