oauth2.dev

events

IESG

Registry Context

`events` is a security Events claim.

Technical Summary

Security Event Token (SET) Section 2.2 defines `events` for JWT claim sets with the registry description: Security Events.

When Used

Used in JWTs that follow Security Event Token (SET) Section 2.2.

Normative Requirements

`events` claim

MUST
2
  1. 8417 - Section 2.2

    not use multiple event identifiers with the same value..

    Condition: When expressing security event statements.

    Multiple event identifiers with the same value MUST NOT be used.

  2. 8417 - Section 2.2

    not express multiple independent logical events..

    Condition: When included in a Security Event Token.

    The "events" claim MUST NOT be used to express multiple independent logical events.

Validation Guidance

error

When processing `events`, apply the syntax and semantics from Security Event Token (SET) Section 2.2.

info

Treat `events` as profile-specific unless the JWT explicitly follows the referenced specification.

Reference

Details

Entry Id
events
Claim Name
events
Claim Description
Security Events
Change Controller
IESG
Reference
RFC8417 - Section 2.2