%% You should probably cite rfc8725 instead of this I-D. @techreport{ietf-oauth-jwt-bcp-06, number = {draft-ietf-oauth-jwt-bcp-06}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bcp/06/}, author = {Yaron Sheffer and Dick Hardt and Michael B. Jones}, title = {{JSON Web Token Best Current Practices}}, pagetotal = 16, year = 2019, month = jun, day = 7, abstract = {JSON Web Tokens, also known as JWTs, are URL-safe JSON-based security tokens that contain a set of claims that can be signed and/or encrypted. JWTs are being widely used and deployed as a simple security token format in numerous protocols and applications, both in the area of digital identity, and in other application areas. The goal of this Best Current Practices document is to provide actionable guidance leading to secure implementation and deployment of JWTs.}, }