1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
RFC 9068 was published in October 2021 with these snippets in the Introduction setting the stage for standardization.
The original OAuth 2.0 Authorization Framework [RFC6749] specification does not mandate any specific format for access tokens. [...] This specification aims to provide a standardized and interoperable profile as an alternative to the proprietary JWT access token layouts going forward.
If you need to determine if a token is an access token, Amazon Cognito issued JWTs include a token_use claim as part of the payload with the value access or id (see Using the access token ).
답변함 2달 전
Is there a plan for Cognito to adhere to the JWT spec or will it continue with it's proprietary implementation? It is currently incompatible with tooling that adheres to RFC9068
Jon - please contact your AWS account team about Cognito feature roadmap. Share this link and let them know to contact me for additional background.