What is the difference between private and public claims on JWT?
I'm confused about the difference between those two claims. From what I understand, they are both custom claims. So what is the difference?
Custom claim names that are required to be collision resistant. Their names should be UUIDs or prefixed by a URL to create a safe namespace for them and avoid collisions.
Custom claim names that are not required to be collision resistant.
The only difference is that public claims are required to be universally collision resistant while private claims are not.
Public claims are like a public API that is defined for public consumption. They should be well documented. RFC 7519 defines several ways to do it.
Private claims are claims that are known only to the producer and consumer of a JWT. Private claim names are not collision-resistant and should be used with a clear understanding of this and care...
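The distinction drawn in the answers above can be checked mechanically. The following is an added example, not code from the question or from either answer: it decodes a JWT payload and sorts its claim names into registered, public (collision resistant) and private. The sample token, the `classify_claims` and `is_collision_resistant` helpers and the UUID-or-URL heuristic are assumptions made for illustration, and names listed only in the IANA claims registry are not recognised.

```python
import base64
import json
import uuid
from urllib.parse import urlparse

# Registered claim names from RFC 7519 section 4.1. Names that appear only in
# the IANA JWT claims registry are not embedded here and will show as private.
REGISTERED = {"iss", "sub", "aud", "exp", "nbf", "iat", "jti"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_payload(token: str) -> dict:
    """Decode a compact JWT payload. No signature check: for auditing only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    payload = json.loads(base64.urlsafe_b64decode(seg))
    if not isinstance(payload, dict):
        raise ValueError("payload is not a JSON object")
    return payload

def is_collision_resistant(name: str) -> bool:
    """Assumed heuristic: a UUID, or a name prefixed by an http(s) URL."""
    try:
        uuid.UUID(name)
        return True
    except ValueError:
        pass
    try:
        url = urlparse(name)
    except ValueError:
        return False
    return url.scheme in ("http", "https") and "." in url.netloc

def classify_claims(payload: dict) -> dict:
    out = {"registered": [], "public": [], "private": []}
    for name in sorted(payload):
        kind = ("registered" if name in REGISTERED else
                "public" if is_collision_resistant(name) else "private")
        out[kind].append(name)
    return out

# Constructed sample claims and token (placeholder signature, never verified).
SAMPLE_CLAIMS = {"iss": "https://issuer.example", "sub": "user-123",
                 "exp": 1700000000, "role": "admin", "tenant": "acme",
                 "https://api.example.com/claims/role": "admin",
                 "6f1c2a9e-3b7d-4c58-9a10-2e5d8f0b7c41": True}
SAMPLE_TOKEN = ".".join([b64url(b'{"alg":"HS256","typ":"JWT"}'),
                         b64url(json.dumps(SAMPLE_CLAIMS).encode()), "c2ln"])
```

Claims reported as private, such as `role` and `tenant` here, are the ones whose meaning depends on an agreement between the producer and the consumer, so they deserve review before a token is accepted from, or sent to, a party outside that agreement.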