This works in conjunction with the OpenID Connect 1.0 Support. JSON Web Tokens (JWTs, pronounced "jots") are a compact, URL-safe means of representing claims to be transferred between two parties. The claims are encoded as a JSON object.
Generally, within the OpenID Connect specifications, a JWT is returned from the token endpoint as an id_token.
However, an access_token can also be a JWT in some cases.
What is a JWT?
A JWT is a JSON-encoded token used to securely transfer information over the web. It can carry any information; within the scope of this document it carries information about the user, which a client can use to authenticate the user or to act on the user's behalf.
A JWT generally contains three parts: header, payload and signature.
Normally, the JWT is in this format:
The Header contains information about the JWT itself, such as the key ID and the algorithm used to sign it.
The Payload contains the actual information to be transferred between the parties, along with some claims about the JWT itself such as the issuer, the expiry time and the issued-at time.
The Signature is a base64url-encoded SHA-256-based signature (for example an HMAC-SHA256 under the HS256 algorithm) over the encoded header and payload, so it can only be produced or verified by a party holding the key.
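As an added illustration (not code from the original page), the three parts described above can be built and checked in plain Python using HS256; the shared secret, key ID, issuer and claim values below are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example key; a real HS256 key is a random secret shared with the issuer.
SECRET = b"example-shared-secret-not-for-production"

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as the JWS compact serialization requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(s: str) -> bytes:
    """Inverse of b64url: restore the padding the token omits."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_jwt(claims: dict, key: bytes, kid: str = "example-key-1") -> str:
    """Produce header.payload.signature; the signature is an HMAC-SHA256, not a bare hash."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode()) + "." +
                     b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_jwt(token: str, key: bytes, issuer: str, now=None) -> dict:
    """Return the claims only if signature, issuer and expiry all check out; raise otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three dot-separated parts")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(b64url_decode(h_b64))
    # Pin the algorithm on the verifier side; never let the token choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison of the recomputed MAC against the token's signature.
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p_b64))
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if "exp" not in claims or now >= claims["exp"]:
        raise ValueError("token expired")
    return claims
```

Swapping the payload of one token into another, or reusing a token past its exp, makes verify_jwt raise, which is the check a client must perform before trusting the claims.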