From Idea to Standard: How the JWT Profile for OAuth 2.0 Access Tokens Became RFC9068

I think that the azp claim was borrowed from the OIDC specification.
This post briefly explains why it is in our access tokens.

As far as I know, there are no other RFCs that define access tokens in JWT format.

1 Like