iss: Issuer — who issued the token. | sub: Subject — who the token is about. | aud: Audience — intended recipients.

role: User role or permissions. | scope: Space-delimited permissions. | tenant_id: Multi-tenant identifier.

JWT Claims Reference

Registered claims, common custom claims, and validation tips for JSON Web Tokens.

Registered Claims

Key / Code	Description
iss	Issuer — who issued the token.
sub	Subject — who the token is about.
aud	Audience — intended recipients.
exp	Expiration time (Unix).
nbf	Not before time.
iat	Issued at time.
jti	JWT ID — unique token identifier.

Key / Code	Description
role	User role or permissions.
scope	Space-delimited permissions.
tenant_id	Multi-tenant identifier.

Always validate signature, issuer, audience, and expiration. Reject tokens using none or unexpected algorithms.

Knowledge is power.