JSON Web Tokens (JWT)
E192655
JSON Web Tokens (JWT) are a compact, URL-safe standard for securely transmitting digitally signed claims between parties, commonly used for stateless authentication and authorization in web applications.
All labels observed (4)
| Label | Occurrences |
|---|---|
| JSON Web Token | 2 |
| JWT | 2 |
| JSON Web Tokens | 1 |
| JSON Web Tokens (JWT) canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T1711792 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: JSON Web Tokens (JWT) Context triple: [HMAC, usedFor, JSON Web Tokens (JWT)]
-
A.
RFC 6750
RFC 6750 is an IETF specification that defines the use of bearer tokens for securing HTTP requests in the OAuth 2.0 authorization framework.
-
B.
OpenID Connect
OpenID Connect is an identity layer built on top of OAuth 2.0 that enables secure user authentication and single sign-on across applications.
-
C.
RFC 6749
RFC 6749 is the IETF specification that defines the OAuth 2.0 authorization framework used for secure delegated access to web resources.
-
D.
OAuth 2.0
OAuth 2.0 is an industry-standard authorization framework that enables applications to obtain limited access to user resources on HTTP services without exposing user credentials.
-
E.
JSON
JSON (JavaScript Object Notation) is a lightweight, text-based data interchange format widely used for transmitting structured data in web APIs and configuration files.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: JSON Web Tokens (JWT) Target entity description: JSON Web Tokens (JWT) are a compact, URL-safe standard for securely transmitting digitally signed claims between parties, commonly used for stateless authentication and authorization in web applications.
-
A.
RFC 6750
RFC 6750 is an IETF specification that defines the use of bearer tokens for securing HTTP requests in the OAuth 2.0 authorization framework.
-
B.
OpenID Connect
OpenID Connect is an identity layer built on top of OAuth 2.0 that enables secure user authentication and single sign-on across applications.
-
C.
RFC 6749
RFC 6749 is the IETF specification that defines the OAuth 2.0 authorization framework used for secure delegated access to web resources.
-
D.
OAuth 2.0
OAuth 2.0 is an industry-standard authorization framework that enables applications to obtain limited access to user resources on HTTP services without exposing user credentials.
-
E.
JSON
JSON (JavaScript Object Notation) is a lightweight, text-based data interchange format widely used for transmitting structured data in web APIs and configuration files.
- F. None of above. chosen
Statements (64)
| Predicate | Object |
|---|---|
| instanceOf |
authentication mechanism
ⓘ
open standard ⓘ token format ⓘ |
| abbreviation |
JSON Web Tokens (JWT)
self-linksurface differs
ⓘ
surface form:
JWT
|
| canBeEncryptedUsing | JWE ⓘ |
| commonlyTransportedIn |
HTTP Authorization header
ⓘ
HTTP cookies ⓘ URL query parameters ⓘ |
| commonlyUsedWith |
OAuth 2.0
ⓘ
OpenID Connect ⓘ |
| component |
header
ⓘ
payload ⓘ signature ⓘ |
| definedIn | RFC 7519 ⓘ |
| designGoal |
interoperability
ⓘ
scalability ⓘ statelessness ⓘ |
| doesNotProvideByDefault | confidentiality ⓘ |
| enables | bearer token authentication ⓘ |
| encodedWith | Base64url ⓘ |
| headerField |
alg
ⓘ
typ ⓘ |
| is |
URL-safe
ⓘ
compact ⓘ |
| payloadField |
aud
ⓘ
exp ⓘ iat ⓘ iss ⓘ jti ⓘ nbf ⓘ sub ⓘ |
| primaryUse |
authorization
ⓘ
stateless authentication ⓘ |
| relatedStandard |
JOSE
ⓘ
JWE ⓘ JWS ⓘ |
| requires |
audience validation
ⓘ
expiration validation ⓘ secure key management ⓘ |
| risk |
improper validation
ⓘ
signature algorithm confusion ⓘ token theft ⓘ |
| securityProperty |
authenticity
ⓘ
integrity ⓘ |
| signatureAlgorithmType |
Elliptic Curve Digital Signature Algorithm
ⓘ
surface form:
ECDSA
HMAC ⓘ RSA ⓘ |
| standardizedBy |
Internet Engineering Task Force
ⓘ
surface form:
IETF
|
| supports |
digitally signed claims
ⓘ
integrity protection ⓘ optional encryption ⓘ stateless session management ⓘ |
| supportsAlgorithmFamily |
ES256
ⓘ
HS256 ⓘ RS256 ⓘ |
| supportsUseCase |
ID tokens
ⓘ
access tokens ⓘ refresh tokens ⓘ |
| transmits | claims ⓘ |
| typicalStructure | header.payload.signature ⓘ |
| usedIn |
microservices architectures
ⓘ
single-page applications ⓘ web applications ⓘ |
| usesDataFormat | JSON ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: JSON Web Tokens (JWT) Description of subject: JSON Web Tokens (JWT) are a compact, URL-safe standard for securely transmitting digitally signed claims between parties, commonly used for stateless authentication and authorization in web applications.
Referenced by (6)
Full triples — surface form annotated when it differs from this entity's canonical label.