I am trying to create JWT which needs to be sent to an external token endpoint. The external provider requires the POST body to have a JWT which is made up of several parameters, one among them is "jti". I went through the doc and know what "jti" is for.
The "jti" (JWT ID) claim provides a unique identifier for the JWT. The identifier value MUST be assigned by the you in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object; if the application uses multiple issuers, collisions MUST be prevented among values produced by different issuers as well. The "jti" claim can be used to prevent the JWT from being replayed. The "jti" value is a case-sensitive string.
Now to create JWT I am using org.jose4j.jwt.JwtClaims, which has a method setGeneratedJwtId(), but when i go through the doc https://javadoc.io/doc/org.bitbucket.b_c/jose4j/0.4.4/org/jose4j/jwt/JwtClaims.html#setGeneratedJwtId(), there is not much info on this method.
From the method name its fairly suggestive that it is generating some kind of id, but i need to know what is the type of id generated, how long are the characters is it alphanumeric or any other type.
Can anyone please provide info on this.
The resultant "jti" claim value will be base64url encoded random 16 bytes (128 bits), which is 22 characters of alphanumeric and "_" and "-".