Consider adding jti claim in JWT

[jasmine0508]

Describe the bug
JTI claim missing in generated JWT access token

To Reproduce
Generate JWT access token using client_Credentials grant type

Expected behavior
A jwt token with following default claims:
{
"sub": "testClientAK2",
"aud": "testClientAK2",
"nbf": 1694598773,
"scope": [""],
"iss": "http://localhost:9000",
"exp": 1694599773,
"iat": 1694598773,
"jti": xxx
}

Sample

My current JWT token has the following:
{
"sub": "testClientAK2",
"aud": "testClientAK2",
"nbf": 1694598773,
"scope": [""],
"iss": "http://localhost:9000",
"exp": 1694599773,
"iat": 1694598773,
}

I would like to ask how to set the jti claim(by default) in the access token.

[sjohnr]

Related stackoverflow question: https://stackoverflow.com/questions/77096271/how-to-set-jti-claim-in-jwt-token-generated-by-spring-authorization-server

Note: I asked the reporter to open an issue, but this issue was opened previously (possibly as a cross-post of the question).

[jasmine0508]

Yes, it was opened parallelly for a quicker response. But thanks for consideration

[jgrandja]

@jasmine0508 Questions are better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements.

Closing as duplicate of gh-1308

[jasmine0508]

I agree, hence I had raise a question on stackoverflow and post the response of one of the users (https://stackoverflow.com/users/15835039/steve-riesenberg), and post providing justifications for the same, shared the same as an enhancement.

Me - Have a look at auth0.com/docs/secure/tokens/json-web-tokens/…. Though these are Optional but the document says "The JWT specification defines seven reserved claims that are not required, but are recommended to allow interoperability with third-party applications."
Steve - Ok, so not a spec but a recommendation by Auth0. Thanks! I think it would be worth opening an issue for that to discuss whether it should be added by default. –
Steve Riesenberg
Hence raised it as a request. Ofcourse everything can be customized in the token including jti. But considering it as a part of JWT token was the request. As I had already checked that opaque token had jti claim added by default

[jgrandja]

@jasmine0508 Re-opening this and I updated the title to reflect that this is an enhancement request.