Reputation: 56
Using jti claim of JWT tokens as an opaque token
I have a use case where I need to get Both JWT and Opaque tokens from the server(for testing purposes). But either of only JWT or Opaque token can be configured to be retrieved in the Application.
Can I use the jti claim of JWT as an opaque token ?. According to the official docs, jti is a random unique ID per JWT token. So I don't need to write any logic to trigger another request with changes configurations to get an opaque token.
Upvotes: 1
Views: 1686
Answers (1)
Reputation: 56
According to the official doc
The "jti" (JWT ID) claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object; if the application uses multiple issuers, collisions MUST be prevented among values produced by different issuers as well. The "jti" claim can be used to prevent the JWT from being replayed. The "jti" value is a case-sensitive string. Use of this claim is OPTIONAL.
So we can use it :)
Upvotes: 1
Related Questions
- Auth0 JWT with Java
- JWT and Authorization Server
- How can I get Claims from a JWT?
- Java: JWT Token Generation Using a Certificate
- Verify Access token signature using java-jwt
- How to make a JWT with a fully custom payload
- Generating JTI claim for JWT in javascript
- Auth0 java-jwt library fails to verify a valid token
- JWT: jwtk/jjwt with public/private keys
- Accessing JWT nested claims with jose4j