4.1 JWT Token-based Authentication

Topic Version: 1 | Published: 10/31/2016
For Standard: ETP v1.1

All ETP servers MUST support authentication using JWT, as described in RFC 7519 (https://tools.ietf.org/html/rfc7519); for a non-normative introduction to JWT, refer to https://jwt.io/introduction/. The token is presented during the WebSocket upgrade request, either in the Authorization header or on the query string, as described above. ETP mandates the use of JWT but does not specify how the token is obtained. The process for obtaining the token is implementation-dependent and may differ for user-oriented and machine-oriented clients.
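
The following added example, which is not part of the ETP specification, shows a server-side check that takes the token from a WebSocket upgrade request and validates it before the connection is accepted. The Bearer scheme, the `token` query parameter name, the `/etp` path, HS256 with a shared key, and the required `exp` claim are assumptions of the example, not requirements stated in this section.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs, urlsplit

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def token_from_upgrade(request_text, query_param="token"):
    """Pull the JWT out of a raw upgrade request; the header wins over the query."""
    head, *rest = request_text.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {n.strip().lower(): v.strip() for n, _, v in (l.partition(":") for l in rest)}
    scheme, _, cred = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and cred.strip():  # assumed scheme (RFC 6750)
        return cred.strip()
    values = parse_qs(urlsplit(head.split(" ")[1]).query).get(query_param)  # hypothetical name
    return values[0] if values else None

def verify_hs256(token, key, now=None):
    """Return the claims, or raise ValueError. Pins alg so "none" is rejected."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        sig = b64url_decode(s64)
    except Exception:
        raise ValueError("malformed token")
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))
    now = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired or missing exp")  # example policy: exp required
    return claims

def make_hs256(claims, key, alg="HS256"):
    """Build a constructed sample token for the demo below."""
    h64 = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    p64 = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    return f"{h64}.{p64}.{b64url_encode(sig)}"

def demo():
    key = b"constructed-demo-key"  # constructed sample values throughout
    tok = make_hs256({"sub": "client-1", "exp": 2000}, key)
    req = f"GET /etp HTTP/1.1\r\nHost: etp.example\r\nUpgrade: websocket\r\nAuthorization: Bearer {tok}\r\n\r\n"
    return verify_hs256(token_from_upgrade(req), key, now=1000)
```

A token carried on the query string is typically recorded in access and proxy logs, so the Authorization header is the safer carrier when the client can set it.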

The following additional restrictions are placed on tokens used with an ETP connection: