Product Documentation

SKFS now returns a digitally signed JSON Web Token (JWT) upon authentication. A JWT is an object containing authorization information that can be passed between different applications within a Relying Party's (RP) infrastructure to establish trust.

When a user authenticates with a FIDO credential to an RP application, the application sends the authentication request to SKFS. SKFS authenticates the user based on the configured FIDO Policy; if successful, SKFS creates a digitally signed JWT and returns it to the calling application in the response. This JWT may then be used within the RP's infrastructure to access applications configured to trust the signed JWT returned by SKFS.

StrongKey provides sample Java code for validating the JWT; this code can be integrated into the RP's web application and may be used with any number of web applications that are integrated to authenticate users to SKFS. This delivers a highly cost-effective Single Sign-On (SSO) capability to the RP without the need for external SSO solutions.

 

Read more under JSON Web Tokens (JWTs).