JWT

JWT (JSON Web Token, RFC 7519) is a JSON payload with a standardized set of claims. The spec defines seven registered claims (iss, sub, aud, exp, nbf, iat, jti) and allows custom claims. A JWT by itself is just JSON; it becomes useful when wrapped in a JWS (signed) or a JWE (encrypted) — at which point it's a bearer token.

JWTs are the de facto token format for OAuth 2.0 access tokens, OpenID Connect ID tokens, and most modern session cookies. LearnCoin's API uses API-key-bearer tokens rather than JWTs for tenant authentication, but JWTs appear in the OpenID4VCI flow we're planning for EUDI Wallet compatibility.

VC-JWT — a format where a Verifiable Credential is expressed as a JWT payload — is an alternative to JSON-LD + Linked Data Proofs for serializing W3C VCs. LearnCoin uses JSON-LD + LD Proofs for the canonical credential, but VC-JWT will become a co-serialization when OpenID4VCI lands.