iat
Registry Context
`iat` identifies the time at which a JWT was issued. RFC 9101 registers it as an OAuth authorization request parameter because a Request Object is a JWT.
Technical Summary
RFC 7519 defines `iat` as an optional JWT claim whose value is a NumericDate represented by a JSON number. RFC 9101 registers `iat` in the OAuth Parameters registry with the usage location "authorization request" and requires core JWT claims in a Request Object to retain their JWT-defined meanings.
When Used
When conveying the JWT issuance time in a JWT, including an OAuth Request Object.
Normative Requirements
Unspecified actor
RFC 7519 - Section 4.1.6
Use of the `iat` claim is optional..
Use of this claim is OPTIONAL.
JWT producer
RFC 7519 - Section 4.1.6
The `iat` value must be a number containing a NumericDate value..
Condition: When an `iat` claim is included in a JWT.
Its value MUST be a number containing a NumericDate value.
Validation Guidance
Flag an included `iat` value as invalid if it is not a JSON number containing a NumericDate value.
Allow JWTs that omit `iat`.
Reference
Details
- Entry Id
iat- Name
iat- Parameter Usage Location
authorization request- Change Controller
IETF- Reference
RFC7519 - Section 4.1.6, RFC9101