1 Answer
- Newest
- Most votes
- Most comments
0
RFC 9068 was published in October 2021 with these snippets in the Introduction setting the stage for standardization.
The original OAuth 2.0 Authorization Framework [RFC6749] specification does not mandate any specific format for access tokens. [...] This specification aims to provide a standardized and interoperable profile as an alternative to the proprietary JWT access token layouts going forward.
If you need to determine if a token is an access token, Amazon Cognito issued JWTs include a token_use
claim as part of the payload with the value access
or id
(see Using the access token ).
answered a month ago
Relevant content
- asked 2 years ago
- asked 3 years ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
Is there a plan for Cognito to adhere to the JWT spec or will it continue with it's proprietary implementation? It is currently incompatible with tooling that adheres to RFC9068
Jon - please contact your AWS account team about Cognito feature roadmap. Share this link and let them know to contact me for additional background.