JSON Web Token

JSON Web Token (JWT) is an open standard for creating access tokens based on the JSON format.

Tokens are created by the Yandex server, signed with a secret key, and passed to the client, who then uses the token to verify their identity at their server.

Request format

The main purpose of the JSON Web Token is to create a signed message with which the user can reach the service to access resources.

curl -H 'Authorization: OAuth <OAuth token>' 'https://login.yandex.ru/info?format=jwt'

For descriptions of request parameters, see Exchange the token for user information.

Response format

After the request is processed, the user receives a JWT that is encoded in base64 and signed.

Example of a signed message:

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.
eyJpYXQiOjE2MTgyMDQ1NDMsImp0aSI6ImY1YzhlMjhiLTljMzYtMTFlYi1hZDUwLTAwMjU5MDkyODk4YSIsImV0OTgzODAzNywiaXNzIjoibGueWFuZGV4LnJ1IiwidWlkIjoxMTQyMzQ1MTU4LCJsb2dpbiI6InluZHgtZWxlbmJhc2tha292YSIsInBzdWlkIjoiMS5BQWNPX2cuaDh6eFQxNGVRSFRMSURYd2s1d203dy50Uks4cIczJiVEp3IiwibmFtZSI6Ilx1MDQxNVx1MDQzYlx2MDQzNVx1MDQzZFx1MDQzMCBcdTA0MTFcdTA0MzBcdTA0NDFcdTA0M2FcdTA0MzBcdTA0M2FcdTA0M2VcdTA0MzJcdTA0MzAiLCJlbWFpbCI6InluZHgtZWxlbmJhc2tha292YUB5YW5kZXgucnUiLCJiaXJ0aGRheSI6IiIsImdlbmRlciI6bnVsbCwiZGlzcGxheV9uYW1lIjoieW5keC1lbGVuYmFza2Frb3ZhIiwiYXZhdGFyX2lkIjoiMC7wLTAifQ.
O8NEvhJ0dI0OOnZSc7Bl-TvxZ1_JDrIpb7zYRW9Nzn

To retrieve the user information from the base64-encoded token, use a JWT library (for example, the Python library), passing it the signed message, the key, and the JWT signature algorithm, HS256, as parameters.

Example of a decoded message:

{ 
   u'avatar_id': u'1824/mnL6oLbL5fhaAiY42uizvUCLJI-1',
   u'birthday': u'',
   u'display_name': u'user',
   u'email': u'usere@yandex.ru',
   u'exp': 16458707859,
   u'gender': None,
   u'iat': 1618313760,
   u'iss': u'login.yandex.ru',
   u'jti': u'6ba15884-9c4c-11eb-a478-5254005dbe7b',
   u'login': u'user',
   u'name': u'<i>user\u0418\u0432\u0430\u043D</u>',
   u'psuid': u'1.AAAAfQ.Y6L7rKzy_w8aWJJu74tF9g.vAFTNxqI15bPA4A_35Dfiw',
   u'uid': 3000250009
}

The JWT contains a standard set of fields:

| Field | Description |
|-------|-------------|
| iat | Unix time of issuing the JWT. |
| jti | Token's unique ID. |
| exp | Token lifetime. |
| iss | The host that issued the token (for example, yandex.ru). |

Additional fields depend on the app rights selected when registering the app in Yandex OAuth. Learn more in Response format.