# JSON Web Token

## Overview

JSON Web Token (JWT) is an open standard ([RFC 7519](https://tools.ietf.org/html/rfc7519)) that defines a self-contained way to transmit information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

JWTs can be signed using a secret with the HMAC algorithm, or with a public/private key pair using RSA or ECDSA.

When tokens are signed using public/private key pairs, the signature certifies that the party holding the private key is the one who signed it.

<figure><img src="/files/AHRbVNK8QRvfUsu0MrMB" alt=""><figcaption></figcaption></figure>

## Fields

<table><thead><tr><th width="210">Fields</th><th>Description</th></tr></thead><tbody><tr><td>Issuer</td><td>Identifies the entity that issued the JWT.</td></tr><tr><td>Subject</td><td>Specifies the subject of the JWT, typically representing the user or entity.</td></tr><tr><td>Audience</td><td>Indicates the recipients for whom the JWT is intended.</td></tr><tr><td>JWT Private Key</td><td>A cryptographic key used to sign the JWT for authentication.</td></tr><tr><td>Certificate Thumbprint</td><td>A unique identifier derived from the certificate to validate its authenticity.</td></tr><tr><td>User Principal Name</td><td>The unique identifier associated with a user account.</td></tr></tbody></table>

## How it Works

This is an industry-standard authorization flow. The JWT (JSON Web Token) authorization flow is a method for authenticating and authorizing users in web applications using tokens encoded in JSON format.

1. **Authentication:**

* The user authenticates with the identity provider or authentication service.
* Upon successful authentication, the issuer generates a JWT containing the user's information and signs it using the private key.

2. **Token Issuance:**

* The JWT is issued to the user, usually in response to a successful login request.
* The token includes the issuer, subject, audience, and other relevant claims.

3. **Token Usage:**

* The user includes the JWT in subsequent requests to access protected resources or services.
* The recipient verifies the token's signature using the public key associated with the private key used for signing.
* The recipient validates the issuer, subject, audience, and any other relevant claims to ensure the token's authenticity and integrity.

4. **Authorization:**

* Based on the information contained in the token, the recipient determines whether the user has the necessary permissions to access the requested resource.
* If the user is authorized, the request is processed accordingly; otherwise, access is denied.


