JSON Web Token (JWT) is a defined structure used to represent claims to be handled between two parties. SKFS uses JWTs as confirmation that the user who received the JWT has been authenticated. See Appendix C for more details.
- algorithms: This is a list of Elliptic Curve algorithms SKFS is authorized to use for signing the JWTs
- duration: Minutes the JWT is valid after it is generated by SKFS
- required: A list of all the required content for the payload. This list is consulted any time SKFS verifies a JWT has all the required information. Allowed values:
  - rpid: The relying party ID
  - iat: The start date and time for when the JWT is created
  - exp: The end date and time for when the JWT expires
  - cip: The client IP address
  - sub: The subject of the JWT; this takes on the value of the user’s username
  - agent: The User Agent used by the user when authorizing to receive the JWT; e.g., Firefox, Chrome, etc.
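
The following added example (not SKFS code and not part of the original document) shows how a consumer of such a JWT could apply the three policy settings above to a token's header and payload. The function names, the policy as a Python dict, `iat`/`exp` as epoch seconds, and exact-match comparison of `rpid`, `cip` and `agent` against the current request are all assumptions; signature verification is a separate step that is not shown.

```python
import base64, json

# Constructed policy using the three settings above (values are illustrative).
POLICY = {"algorithms": ["ES256"], "duration": 30,
          "required": ["rpid", "iat", "exp", "cip", "sub", "agent"]}

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def make_token(header, claims):
    """Build a constructed sample token; the signature segment is a dummy."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return enc(header) + "." + enc(claims) + ".c2ln"

def check_claims(token, policy, now, rpid, client_ip, user_agent):
    """Return policy violations (empty list = pass). The signature must be
    verified separately, before these claims are trusted."""
    try:
        header_seg, payload_seg, _sig = token.split(".")
        header, claims = b64url_json(header_seg), b64url_json(payload_seg)
    except ValueError:
        return ["malformed token"]
    problems = []
    if header.get("alg") not in policy["algorithms"]:
        problems.append("alg not in policy")  # rejects "none" and unlisted algorithms
    missing = [c for c in policy["required"] if c not in claims]
    if missing:
        return problems + ["missing claim: " + c for c in missing]
    # Assumed binding check: the token must match the request it arrives with.
    for name, expected in (("rpid", rpid), ("cip", client_ip), ("agent", user_agent)):
        if name in claims and claims[name] != expected:
            problems.append(name + " mismatch")
    iat, exp = claims.get("iat"), claims.get("exp")
    if isinstance(iat, (int, float)) and isinstance(exp, (int, float)):
        if not iat <= now < exp:
            problems.append("outside validity window")
        if exp - iat > policy["duration"] * 60:  # duration is in minutes
            problems.append("lifetime exceeds policy duration")
    elif "iat" in policy["required"] or "exp" in policy["required"]:
        problems.append("iat/exp not numeric")
    return problems

NOW = 1_700_000_000  # constructed "current time" in epoch seconds
CLAIMS = {"rpid": "example.com", "iat": NOW - 60, "exp": NOW - 60 + 30 * 60,
          "cip": "203.0.113.7", "sub": "alice", "agent": "Firefox"}
GOOD = make_token({"alg": "ES256", "typ": "JWT"}, CLAIMS)
```

A token replayed from a different client address or after `exp` is reported as a violation even though its payload is otherwise complete.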