The maximum utility of MP-JWT as a token format depends on the agreement between both identity providers and service providers. This means identity providers—responsible for issuing tokens—should be able to issue tokens using the MP-JWT format in a way that service providers can understand to inspect the token and gather information about a subject. The primary goals for MP-JWT are as follows:
- It should be usable as an authentication token.
- It should be usable as an authorization token that contains application-level roles indirectly granted via a group's claim.
- It can support additional standard claims described in IANA JWT Assignments (https://www.iana.org/assignments/jwt/jwt.xhtml), as well as non-standard ...