JSON Web Token

JSON Web Token (JWT) is an open standard for creating access tokens based on the JSON format.

Tokens are created by the Yandex server, signed with a secret key, and passed to the client, who then uses the token to verify their identity at their server.

Request format

JSON Web Token is mainly used for creating a signed message that the client can use to access service resources.

curl -H 'Authorization: OAuth <OAuth token>' 'https://login.yandex.ru/info?format=jwt'

You can see the request parameters in Exchanging the token for information about the user.

Response format

After the request is processed, the user receives a JWT that is encoded in base64 and signed.

Example of a signed message:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.
eyJpYXQiOjE2MTgyMDQ1NDMsImp0aSI6ImY1YzhlMjhiLTljMzYtMTFlYi1hZDUwLTAwMjU5MDkyODk4YSIsImV0OTgzODAzNywiaXNzIjoibGueWFuZGV4LnJ1IiwidWlkIjoxMTQyMzQ1MTU4LCJsb2dpbiI6InluZHgtZWxlbmJhc2tha292YSIsInBzdWlkIjoiMS5BQWNPX2cuaDh6eFQxNGVRSFRMSURYd2s1d203dy50Uks4cIczJiVEp3IiwibmFtZSI6Ilx1MDQxNVx1MDQzYlx2MDQzNVx1MDQzZFx1MDQzMCBcdTA0MTFcdTA0MzBcdTA0NDFcdTA0M2FcdTA0MzBcdTA0M2FcdTA0M2VcdTA0MzJcdTA0MzAiLCJlbWFpbCI6InluZHgtZWxlbmJhc2tha292YUB5YW5kZXgucnUiLCJiaXJ0aGRheSI6IiIsImdlbmRlciI6bnVsbCwiZGlzcGxheV9uYW1lIjoieW5keC1lbGVuYmFza2Frb3ZhIiwiYXZhdGFyX2lkIjoiMC7wLTAifQ.
O8NEvhJ0dI0OOnZSc7Bl-TvxZ1_JDrIpb7zYRW9Nzn

To retrieve user information from base64, use a special library (for example, the Python library) that receives the signed message, key, and JWT signature algorithm (HS256) as parameters.

Example of a decoded message:

{
   u'avatar_id': u'1824/mnL6oLbL5fhaAiY42uizvUCLJI-1',
   u'birthday': u'',
   u'display_name': u'user',
   u'email': u'usere@yandex.ru',
   u'exp': 16458707859,
   u'gender': None,
   u'iat': 1618313760,
   u'iss': u'login.yandex.ru',
   u'jti': u'6ba15884-9c4c-11eb-a478-5254005dbe7b',
   u'login': u'user',
   u'name': u'<i>user\u0418\u0432\u0430\u043D</u>',
   u'psuid': u'1.AAAAfQ.Y6L7rKzy_w8aWJJu74tF9g.vAFTNxqI15bPA4A_35Dfiw',
   u'uid': 3000250009
}

JWT contains a standard field set:

Field

Description

iat

Unixtime of issuing JWT.

jti

Token's unique ID.

exp

Token lifetime.

iss

The host that issued the token (for example, login.yandex.ru).

Additional fields depend on the app rights selected when registering the app in Yandex OAuth. Learn more in Response format.

Previous
Terminology
Next
Connecting to API Yandex ID
In this article: