Konubinix' opinionated web of thoughts

Oauth - What's the Meaning of the “Gty” Claim in a Jwt Token?


gty is not a registered claim name as defined in RFC 7519.

Although I could not find any reference clearly stating it, it seems auth0.com uses gty for the grant_type that was used to request the token. e.g. client-credentials or password


Actually, it is pretty obvious that a OAuth 2 concept does not appear in the rfc7519, that is more general. But it does not appear in the JWT Access Tokens profile for OAuth 2.0 either. To bad…