What's the meaning of the "kid" claim in a JWT token?

token jwt
tylkonachwile picture tylkonachwile · May 9, 2017 · Viewed 46.4k times · Source

I generated a JWT and there are some claims which I understand well, but there is a claim called kid in header. Does anyone know what it means?

I generated the token using auth0.com

Answer

cassiomolin picture cassiomolin · May 9, 2017

kid is an optional header claim which holds a key identifier, particularly useful when you have multiple keys to sign the tokens and you need to look up the right one to verify the signature.

Once a signed JWT is a JWS, consider the definition from the RFC 7515:

4.1.4. "kid" (Key ID) Header Parameter

The kid (key ID) Header Parameter is a hint indicating which key was used to secure the JWS. This parameter allows originators to explicitly signal a change of key to recipients. The structure of the kid value is unspecified. Its value MUST be a case-sensitive string. Use of this Header Parameter is OPTIONAL.

When used with a JWK, the kid value is used to match a JWK kid parameter value.

Related questions

JWT (JSON Web Token) library for Java

I am working on a web application developed using Java and AngularJS and chose to implement token authentication and authorization. For the exercise purpose, I've come to the point where I send the credentials to the server, generate a random …

Read More
Authenticating socket io connections using JWT

How can I authenticate a socket.io connection? My application uses a login endpoint from another server (python) to get a token, how can I get use that token whenever a user opens a socket connection on the node side? …

Read More
What's the difference between JWTs and Bearer Token?

I'm learning something about Authorization like Basic, Digest, OAuth2.0, JWTs, and Bearer Token. Now I have a question. You know the JWTs is being used as an Access_Token in the OAuth2.0 standard. JWTs appears at RFC 7519, and Bearer Token …

Read More