ClaimsMicroProfile

Initialize a ClaimsMicroProfile

The MP-JWT issuer. RFC7519, Section 4.1.1

Identifies the principal that is the subject of the JWT.

Identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.

Identifies the time at which the JWT was issued.

The “jti” (JWT ID) claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object.

This MP-JWT custom claim is the user principal name in the java.security.Principal interface, and is the caller principal name in javax.security.enterprise.identitystore.IdentityStore. If this claim is missing, fallback to the “preferred_username”, should be attempted, and if that claim is missing, fallback to the “sub” claim should be used.

Shorthand name by which the End-User wishes to be referred to at the RP, such as janedoe or j.doe. This value MAY be any valid JSON string including special characters such as @, /, or whitespace.

This MP-JWT custom claim is the list of group names that have been assigned to the principal of the MP-JWT. This typically will required a mapping at the application container level to application deployment roles, but a one-to-one between group names and application role names is required to be performed in addition to any other mapping.