1. Format

All SSP tokens implement JWT standard as defined in RFC 7519. It is therefore structured in three parts:

  • header
  • payload
  • signature

Each part is base-64 encoded and separated with a "." (dot):

base64Encode(header) + "." + base64Encode(payload) + "." + base64Encode(signature)

In order to build signature, token's header and payload are signed:

  • Signing key used corresponds to the SSP tenant's credential identified by "kid" claim from the token's header.
  • Algorithm used is HMAC-SHA256 as described in  https://tools.ietf.org/html/rfc7518 , section 5.2.

2. Sample

Header:

Payload:

Signature:

Resulting Encoded Token:

3. Tools

To create an SSP token, please refer to:

4. Available SSP Tokens

Refer to → Related content