Lesson 3 of 15

📜 Entity Statements

Signed documents that carry trust — cracking open a JWT

What's a JWT? (30-second version)

An Entity Statement is a JSON Web Token (JWT)[1] — a compact, signed JSON document with three parts separated by dots:

eyJhbGciOiJSUzI1NiIsInR5cCI6ImVudGl0eS1zdGF0ZW1lbnQrand0In0.eyJpc3MiOiJodHRwczovL2xvZ2luLnVuaS5lZHUiLC....SflKxwRJSMeKKF2QT4fwpM...

Header (algorithm, type) · Payload (claims) · Signature (cryptographic proof)

Two Types of Entity Statements

Entity Configuration

Published at .well-known/openid-federation[2]. iss equals sub — the entity describes itself. Signed with the entity's own private key.

{
  "iss": "https://login.uni.edu",
  "sub": "https://login.uni.edu",
  "iat": 1712000000,
  "exp": 1712086400,
  "jwks": {
    "keys": [ ... ]
  },
  "metadata": {
    "openid_provider": { ... }
  },
  "authority_hints": [
    "https://uni.edu"
  ],
  "trust_marks": [ ... ]
}
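
The three-part structure and the iss/sub rule described above, as an added example that is not part of the original lesson. It decodes the header and payload and runs structural checks only; it does not verify the signature. The function names are hypothetical, and the sample tokens are constructed from the header segment shown above with a placeholder signature.

```python
import base64
import json

# Header segment copied from the token shown above.
PAGE_HEADER = "eyJhbGciOiJSUzI1NiIsInR5cCI6ImVudGl0eS1zdGF0ZW1lbnQrand0In0"

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_sample(claims: dict) -> str:
    # Constructed sample token: the last segment is a placeholder, not a real signature.
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=").decode()
    return f"{PAGE_HEADER}.{body}.c2FtcGxl"

def inspect_entity_statement(token: str, now: int) -> dict:
    """Decode header and payload and run structural checks (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected three non-empty dot-separated segments")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    problems = []
    if header.get("typ") != "entity-statement+jwt":
        problems.append("unexpected typ")
    if header.get("alg") in (None, "none"):
        problems.append("no signature algorithm")
    problems += [f"missing claim: {c}" for c in ("iss", "sub", "iat", "exp") if c not in claims]
    if "exp" in claims and now >= claims["exp"]:
        problems.append("expired")
    if "iat" in claims and claims["iat"] > now:
        problems.append("issued in the future")  # sanity check on the issue time
    if "iss" in claims and "sub" in claims:
        # iss == sub: the entity describes itself; otherwise another entity issued it.
        kind = "entity-configuration" if claims["iss"] == claims["sub"] else "subordinate-statement"
    else:
        kind = "unknown"
    return {"kind": kind, "header": header, "claims": claims, "problems": problems}

BASE = {"iat": 1712000000, "exp": 1712086400}  # timestamps from the lesson's example
SELF_SIGNED = make_sample({"iss": "https://login.uni.edu", "sub": "https://login.uni.edu", **BASE})
FROM_SUPERIOR = make_sample({"iss": "https://uni.edu", "sub": "https://login.uni.edu", **BASE})

if __name__ == "__main__":
    for tok in (SELF_SIGNED, FROM_SUPERIOR):
        r = inspect_entity_statement(tok, now=1712000100)
        print(r["kind"], r["claims"]["iss"], "->", r["claims"]["sub"], r["problems"])
```

A statement that passes these checks is still untrusted until its signature has been verified against the appropriate key.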

Explore Every Claim

The full definition of each claim is in Sections 3.1.1–3.1.3 of the spec.

Sources & References

  1. RFC 7519 — JSON Web Token (JWT)
  2. OpenID Federation 1.0, Section 3.1.1 — Claims that MUST or MAY Appear in both Entity Configurations and Subordinate Statements
  3. OpenID Federation 1.0, Section 3.1.3 — Claims that MUST or MAY Appear in Subordinate Statements but Not in Entity Configurations