Standard JWT claims defined in RFC 7519 and OpenID Connect. Search by claim key, name, or description.
20 claims
| Claim | Name | Description | Example |
|---|---|---|---|
| iss | Issuer | Identifies the principal that issued the JWT | "iss": "https://auth.example.com" |
| sub | Subject | Identifies the principal that is the subject of the JWT | "sub": "user-1234" |
| aud | Audience | Recipients that the JWT is intended for | "aud": ["https://api.example.com"] |
| exp | Expiration Time | Time after which the JWT must not be accepted (Unix timestamp) | "exp": 1735689600 |
| nbf | Not Before | Time before which the JWT must not be accepted | "nbf": 1735603200 |
| iat | Issued At | Time at which the JWT was issued | "iat": 1735603200 |
| jti | JWT ID | Unique identifier for the JWT, used to prevent replay | "jti": "550e8400-e29b-41d4-a716-446655440000" |
| name | Full Name | End-user full name | "name": "John Doe" |
| given_name | Given Name | Given name(s) or first name(s) | "given_name": "John" |
| family_name | Family Name | Surname(s) or last name(s) | "family_name": "Doe" |
| End-user email address | "email": "[email protected]" | ||
| email_verified | Email Verified | Whether the email has been verified | "email_verified": true |
| phone_number | Phone Number | End-user phone number in E.164 format | "phone_number": "+1 (425) 555-1212" |
| address | Address | End-user postal address | "address": { "country": "US" } |
| birthdate | Birthdate | End-user birthday in ISO 8601 format | "birthdate": "1990-12-25" |
| roles | Roles | Application roles assigned to the user (custom) | "roles": ["admin", "user"] |
| scope | Scope | OAuth 2.0 scopes (space-separated) | "scope": "read:profile write:posts" |
| azp | Authorized Party | Party to which the ID token was issued | "azp": "client-app-id" |
| nonce | Nonce | String to associate a client session with an ID token | "nonce": "n-0S6_WzA2Mj" |
| at_hash | Access Token Hash | Hash of the access token | "at_hash": "MTIzNDU2Nzg5MDEyMzQ1Ng" |
marduc812
2026