JSON Web Token (JWT) (original) (raw)
iss
Issuer
[IESG]
sub
Subject
[IESG]
aud
Audience
[IESG]
exp
Expiration Time
[IESG]
nbf
Not Before
[IESG]
iat
Issued At
[IESG]
jti
JWT ID
[IESG]
name
Full name
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
given_name
Given name(s) or first name(s)
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
family_name
Surname(s) or last name(s)
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
middle_name
Middle name(s)
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
nickname
Casual name
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
preferred_username
Shorthand name by which the End-User wishes to be referred to
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
profile
Profile page URL
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
picture
Profile picture URL
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
website
Web page or blog URL
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
Preferred e-mail address
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
email_verified
True if the e-mail address has been verified; otherwise false
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
gender
Gender
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
birthdate
Birthday
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
zoneinfo
Time zone
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
locale
Locale
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
phone_number
Preferred telephone number
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
phone_number_verified
True if the phone number has been verified; otherwise false
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
address
Preferred postal address
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
updated_at
Time the information was last updated
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.1]
azp
Authorized party - the party to which the ID Token was issued
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 2]
nonce
Value used to associate a Client session with an ID Token (MAY also be used for nonce values in other applications of JWTs)
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 2][RFC9449]
auth_time
Time when the authentication occurred
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 2]
at_hash
Access Token hash value
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 2]
c_hash
Code hash value
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 3.3.2.11]
acr
Authentication Context Class Reference
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 2]
amr
Authentication Methods References
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 2]
sub_jwk
Public key used to check the signature of an ID Token
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 7.4]
cnf
Confirmation
[IESG]
sip_from_tag
SIP From tag header field parameter value
[IESG]
sip_date
SIP Date header field value
[IESG]
sip_callid
SIP Call-Id header field value
[IESG]
sip_cseq_num
SIP CSeq numeric header field parameter value
[IESG]
sip_via_branch
SIP Via branch header field parameter value
[IESG]
orig
Originating Identity String
[IESG]
dest
Destination Identity String
[IESG]
mky
Media Key Fingerprint String
[IESG]
events
Security Events
[IESG]
toe
Time of Event
[IESG]
txn
Transaction Identifier
[IESG]
rph
Resource Priority Header Authorization
[IESG]
sid
Session ID
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Front-Channel Logout 1.0, Section 3]
vot
Vector of Trust value
[IESG]
[RFC8485]
vtm
Vector of Trust trustmark URL
[IESG]
[RFC8485]
attest
Attestation level as defined in SHAKEN framework
[IESG]
[RFC8588]
origid
Originating Identifier as defined in SHAKEN framework
[IESG]
[RFC8588]
act
Actor
[IESG]
scope
Scope Values
[IESG]
client_id
Client Identifier
[IESG]
may_act
Authorized Actor - the party that is authorized to become the actor
[IESG]
jcard
jCard data
[IESG]
at_use_nbr
Number of API requests for which the access token can be used
[ETSI]
div
Diverted Target of a Call
[IESG]
[RFC8946]
opt
Original PASSporT (in Full Form)
[IESG]
[RFC8946]
vc
Verifiable Credential as specified in the W3C Recommendation
[IESG]
vp
Verifiable Presentation as specified in the W3C Recommendation
[IESG]
sph
SIP Priority header field
[IESG]
[RFC9027]
ace_profile
The ACE profile a token is supposed to be used with.
[IETF]
cnonce
"client-nonce". A nonce previously provided to the AS by the RS via the client. Used to verify token freshness when the RS cannot synchronize its clock with the AS.
[IETF]
exi
"Expires in". Lifetime of the token in seconds from the time the RS first sees it. Used to implement a weaker from of token expiration for devices that cannot synchronize their internal clocks.
[IETF]
roles
Roles
[IETF]
[RFC7643, Section 4.1.2][RFC9068, Section 2.2.3.1]
groups
Groups
[IETF]
[RFC7643, Section 4.1.2][RFC9068, Section 2.2.3.1]
entitlements
Entitlements
[IETF]
[RFC7643, Section 4.1.2][RFC9068, Section 2.2.3.1]
token_introspection
Token introspection response
[IETF]
eat_nonce
Nonce
[IETF]
[RFC9711]
ueid
Universal Entity ID
[IETF]
[RFC9711]
sueids
Semipermanent UEIDs
[IETF]
[RFC9711]
oemid
Hardware OEM ID
[IETF]
[RFC9711]
hwmodel
Model identifier for hardware
[IETF]
[RFC9711]
hwversion
Hardware Version Identifier
[IETF]
[RFC9711]
oemboot
Indicates whether the software booted was OEM authorized
[IETF]
[RFC9711]
dbgstat
The status of debug facilities
[IETF]
[RFC9711]
location
The geographic location
[IETF]
[RFC9711]
eat_profile
The EAT profile followed
[IETF]
[RFC9711]
submods
The section containing submodules
[IETF]
[RFC9711]
uptime
Uptime
[IETF]
[RFC9711]
bootcount
The number of times the entity or submodule has been booted
[IETF]
[RFC9711]
bootseed
Identifies a boot cycle
[IETF]
[RFC9711]
dloas
Certifications received as Digital Letters of Approval
[IETF]
[RFC9711]
swname
The name of the software running in the entity
[IETF]
[RFC9711]
swversion
The version of software running in the entity
[IETF]
[RFC9711]
manifests
Manifests describing the software installed on the entity
[IETF]
[RFC9711]
measurements
Measurements of the software, memory configuration, and such on the entity
[IETF]
[RFC9711]
measres
The results of comparing software measurements to reference values
[IETF]
[RFC9711]
intuse
The intended use of the EAT
[IETF]
[RFC9711]
cdniv
CDNI Claim Set Version
[IETF]
cdnicrit
CDNI Critical Claims Set
[IETF]
cdniip
CDNI IP Address
[IETF]
cdniuc
CDNI URI Container
[IETF]
cdniets
CDNI Expiration Time Setting for Signed Token Renewal
[IETF]
cdnistt
CDNI Signed Token Transport Method for Signed Token Renewal
[IETF]
cdnistd
CDNI Signed Token Depth
[IETF]
sig_val_claims
Signature Validation Token
[IETF]
authorization_details
The claim authorization_details contains a JSON array of JSON objects representing the rights of the access token. Each JSON object contains the data to specify the authorization requirements for a certain type of resource.
[IETF]
verified_claims
A structured claim containing end-user claims and the details of how those end-user claims were assured.
[eKYC_and_Identity_Assurance_WG]
[OpenID Identity Assurance Schema Definition 1.0, Section 5]
place_of_birth
A structured claim representing the end-user's place of birth.
[eKYC_and_Identity_Assurance_WG]
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4]
nationalities
String array representing the end-user's nationalities.
[eKYC_and_Identity_Assurance_WG]
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4]
birth_family_name
Family name(s) someone has when they were born, or at least from the time they were a child. This term can be used by a person who changes the family name(s) later in life for any reason. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.
[eKYC_and_Identity_Assurance_WG]
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4]
birth_given_name
Given name(s) someone has when they were born, or at least from the time they were a child. This term can be used by a person who changes the given name later in life for any reason. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.
[eKYC_and_Identity_Assurance_WG]
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4]
birth_middle_name
Middle name(s) someone has when they were born, or at least from the time they were a child. This term can be used by a person who changes the middle name later in life for any reason. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.
[eKYC_and_Identity_Assurance_WG]
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4]
salutation
End-user's salutation, e.g., "Mr"
[eKYC_and_Identity_Assurance_WG]
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4]
title
End-user's title, e.g., "Dr"
[eKYC_and_Identity_Assurance_WG]
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4]
msisdn
End-user's mobile phone number formatted according to ITU-T recommendation [E.164]
[eKYC_and_Identity_Assurance_WG]
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4]
also_known_as
Stage name, religious name or any other type of alias/pseudonym with which a person is known in a specific context besides its legal name.
[eKYC_and_Identity_Assurance_WG]
[OpenID Connect for Identity Assurance Claims Registration 1.0, Section 4]
htm
The HTTP method of the request
[IETF]
htu
The HTTP URI of the request (without query and fragment parts)
[IETF]
ath
The base64url-encoded SHA-256 hash of the ASCII encoding of the associated access token's value
[IETF]
atc
Authority Token Challenge
[IETF]
[RFC9447]
sub_id
Subject Identifier
[IETF]
rcd
Rich Call Data Information
[IETF]
[RFC9795]
rcdi
Rich Call Data Integrity Information
[IETF]
[RFC9795]
crn
Call Reason
[IETF]
[RFC9795]
msgi
Message Integrity Information
[IETF]
[RFC9475]
_claim_names
JSON object whose member names are the Claim Names for the Aggregated and Distributed Claims
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.6.2]
_claim_sources
JSON object whose member names are referenced by the member values of the _claim_names member
[OpenID_Foundation_Artifact_Binding_Working_Group]
[OpenID Connect Core 1.0, Section 5.6.2]
rdap_allowed_purposes
This claim describes the set of RDAP query purposes that are available to an identity that is presented for access to a protected RDAP resource.
[IETF]
rdap_dnt_allowed
This claim contains a JSON boolean literal that describes a "do not track" request for server-side tracking, logging, or recording of an identity that is presented for access to a protected RDAP resource.
[IETF]
geohash
Geohash String or Array
[Consumer_Technology_Association]
[Fast and Readable Geographical Hashing (CTA-5009)]
_sd
Digests of Disclosures for object properties
[IETF]
[RFC-ietf-oauth-selective-disclosure-jwt-22, Section 4.2.4.1]
...
Digest of the Disclosure for an array element
[IETF]
[RFC-ietf-oauth-selective-disclosure-jwt-22, Section 4.2.4.2]
_sd_alg
Hash algorithm used to generate Disclosure digests and digest over presentation
[IETF]
[RFC-ietf-oauth-selective-disclosure-jwt-22, Section 4.1.1]
sd_hash
Digest of the SD-JWT to which the KB-JWT is tied
[IETF]
[RFC-ietf-oauth-selective-disclosure-jwt-22, Section 4.3]
consumerPlmnId
PLMN ID of the NF service consumer
[_3GPP_Specifications_Manager]
[3GPP TS 29.510, Clause 6.3.5.2.4]
consumerSnpnId
SNPN ID of the NF service consumer
[_3GPP_Specifications_Manager]
[3GPP TS 29.510, Clause 6.3.5.2.4]
producerPlmnId
PLMN ID of the NF service producer
[_3GPP_Specifications_Manager]
[3GPP TS 29.510, Clause 6.3.5.2.4]
producerSnpnId
SNPN ID of the NF service producer
[_3GPP_Specifications_Manager]
[3GPP TS 29.510, Clause 6.3.5.2.4]
producerSnssaiList
list of S-NSSAIs of the NF service producer which are authorized for the NF service consumer
[_3GPP_Specifications_Manager]
[3GPP TS 29.510, Clause 6.3.5.2.4]
producerNsiList
List of NSIs of the NF service producer which are authorized for the NF service consumer
[_3GPP_Specifications_Manager]
[3GPP TS 29.510, Clause 6.3.5.2.4]
producerNfSetId
NF Set ID of the NF service producer
[_3GPP_Specifications_Manager]
[3GPP TS 29.510, Clause 6.3.5.2.4]
producerNfServiceSetId
NF Service Set ID of the NF Service Producer
[_3GPP_Specifications_Manager]
[3GPP TS 29.510, Clause 6.3.5.2.4]
sourceNfInstanceId
NF Instance ID of the source NF
[_3GPP_Specifications_Manager]
[3GPP TS 29.510, Clause 6.3.5.2.4]
analyticsIdList
Analytics IDs
[_3GPP_Specifications_Manager]
[3GPP TS 29.510, Clause 6.3.5.2.4]
resOwnerId
Contains the identifier of the resource owner, e.g., GPSI as specified in clause 5.3.2 of [3GPP TS 29.571].