jti
Registry Context
`jti` is an optional string identifier for the token in an OAuth token introspection response.
Technical Summary
RFC 7662 defines `jti` as an optional top-level introspection response member containing a string identifier for the token, with its semantics defined by the JWT `jti` claim.
When Used
When the authorization server includes a token identifier in an introspection response.
Normative Requirements
Authorization servers
RFC 7662 - Section 2.2
include a top-level `jti` member containing a string identifier for the token.
Condition: when returning an introspection response
`jti` OPTIONAL. String identifier for the token, as defined in JWT [RFC7519].
Application using multiple issuers
RFC 7519 - Section 4.1.7
prevent collisions among identifier values produced by different issuers.
Condition: if the application uses multiple issuers
if the application uses multiple issuers, collisions MUST be prevented among values produced by different issuers as well.
Entity assigning the identifier
RFC 7519 - Section 4.1.7
assign the identifier so that there is a negligible probability of accidentally assigning the same value to a different data object.
The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object.
Validation Guidance
If `jti` is present, verify that its value is a string.
Ensure assigned `jti` values have a negligible probability of accidental collision.
If multiple issuers are in scope, verify that `jti` collisions are prevented across issuers.
Treat the `jti` value as case-sensitive when storing or comparing it.
Reference
Details
- Entry Id
jti- Name
jti- Description
Unique identifier of the token- Change Controller
IESG- Reference
RFC7662 - Section 2.2