The required set of MP-JWT claims for which an implementation needs to provide support contains the following:
- typ: This header parameter identifies the token type and is required to be JWT.
- alg: This header algorithm was used to sign the JWT and must be specified as RS256.
- kid: This header parameter provides a hint about which public key was used to sign the JWT.
- iss: This is the issuer and signer of the token.
- sub: This identifies the subject of the JWT.
- exp: This identifies the expiration time on, or after, which the JWT MUST NOT be accepted for processing.
- iat: This identifies the time at which the JWT was issued and can be used to determine the age of the JWT.
- jti: This provides a unique identifier for the JWT. ...