In OAuth 2.0 and other specs from the OpenID Foundation, there was a need for a small packet of identity information that could be encoded and included in an HTTP header.
- The existing specs at the time the JWT was created were XML and SAML, which were very wordy and not amenable to encoding in an HTTP header.
- RFC 7165 Use Cases and Requirements for JSON Object Signing and Encryption (JOSE)
- Justin Richer has some suggestions.
- Justin Richer, Moving On from OAuth 2: A Proposal. https://medium.com/@justinsecurity/moving-on-from-oauth-2-629a00133ade