What's the meaning of the "kid" claim in a JWT token?
Problem Overview
I generated a JWT and there are some claims which I understand well, but there is a claim called kid in the header. Does anyone know what it means?
I generated the token using auth0.com
Token Solutions
Solution 1 - Token
kid is an optional header claim which holds a key identifier, particularly useful when you have multiple keys to sign the tokens and you need to look up the right one to verify the signature.
Once a signed JWT is a JWS, consider the definition from the RFC 7515:
> 4.1.4. "kid" (Key ID) Header Parameter
>
> The kid (key ID) Header Parameter is a hint indicating which key
> was used to secure the JWS. This parameter allows originators to
> explicitly signal a change of key to recipients. The structure of the
> kid value is unspecified. Its value MUST be a case-sensitive
> string. Use of this Header Parameter is OPTIONAL.
>
> When used with a JWK, the kid value is used to match a JWK kid
> parameter value.
Solution 2 - Token
The kid (key ID) claim is an optional header claim, used to specify the key for validating the signature.
It is described here: http://self-issued.info/docs/draft-jones-json-web-token-01.html#ReservedHeaderParameterName