Understanding the 'cnf' Field in JWT

The 'cnf' (confirmation) claim in a JWT (JSON Web Token), defined in RFC 7800 (Proof-of-Possession Key Semantics for JWTs), binds the token to a specific key, so that the token is only usable by the party that can prove possession of the corresponding private key. A stolen token alone is then not enough to act as its subject, which is what distinguishes a key-bound token from a plain bearer token.

The 'cnf' claim is a JSON object that typically contains one or more of the following members:

  • x5t: The thumbprint of an X.509 certificate.
  • jkt: The thumbprint of a JWK (JSON Web Key).

Here is an example of a 'cnf' field:

{
  "cnf": {
    "x5t": "9G7d4I4cPbTDnYrqFhJDBpDeQHw",
    "jkt": "SWV4YjhZZlZGUVM1bzV5L0wzd3BtNHdNcnpBPQ"
  }
}

In this example, the 'cnf' claim includes both an X.509 certificate thumbprint and a JWK thumbprint, binding the token to the corresponding keys. The binding only has effect if the receiving party actually checks it: a resource server must compute the thumbprint of the key or certificate the client proved possession of and compare it with the value in 'cnf' before accepting the token.
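The check described above, as an added example that is not part of the original page: it computes the RFC 7638 JWK thumbprint that 'jkt' carries and the SHA-256 certificate thumbprint, and accepts a token only when the presented key matches the bound one. It assumes the certificate member is named 'x5t#S256', as RFC 8705 registers it for mutual-TLS bound tokens; the sample JWK and its coordinates are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json

# RFC 7638: only these members, in lexicographic order, feed the thumbprint.
THUMBPRINT_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "OKP": ("crv", "kty", "x"),
}

def b64url(data: bytes) -> str:
    """Base64url without padding, as used throughout JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """SHA-256 JWK thumbprint (RFC 7638), the value 'jkt' carries.
    Members such as 'kid' or 'use' are ignored, so a presenter cannot
    alter the thumbprint by decorating its key."""
    required = THUMBPRINT_MEMBERS[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def cert_thumbprint_s256(cert_der: bytes) -> str:
    """SHA-256 thumbprint of a DER certificate (RFC 8705's 'x5t#S256')."""
    return b64url(hashlib.sha256(cert_der).digest())

def same_thumbprint(computed: str, claimed) -> bool:
    """Constant-time compare; a non-string claim value never matches."""
    return isinstance(claimed, str) and hmac.compare_digest(
        computed.encode("utf-8"), claimed.encode("utf-8"))

def key_matches_cnf(cnf: dict, presented_jwk: dict = None,
                    presented_cert_der: bytes = None) -> bool:
    """True only if the key whose possession the caller proved is the one
    the token is bound to. No binding, or no presented key, is a failure:
    a token must never be accepted as bound when it was not."""
    if "jkt" in cnf and presented_jwk is not None:
        return same_thumbprint(jwk_thumbprint(presented_jwk), cnf["jkt"])
    if "x5t#S256" in cnf and presented_cert_der is not None:
        return same_thumbprint(cert_thumbprint_s256(presented_cert_der),
                               cnf["x5t#S256"])
    return False

# Constructed sample: a P-256 public JWK with placeholder coordinates,
# and a cnf that binds a token to it.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256", "kid": "client-key-1",
              "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
              "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0"}
SAMPLE_CNF = {"jkt": jwk_thumbprint(SAMPLE_JWK)}
```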