JWT claims

This page is coming soon. The bento.build hosted cache authenticates bento via team-scoped JWTs:

  • Algorithm: Ed25519 (asymmetric — the cache worker holds only the public key)
  • Issuer: https://api.bento.build
  • Subject: stable team UUID
  • Custom claims: team_slug, audit_label (user-supplied at issuance), scope (cache:read / cache:write)
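
One way a consumer of these tokens could validate them, as an added Go example that is not bento's own code: it pins the header algorithm to EdDSA, verifies the Ed25519 signature using only the public key, then checks issuer, subject and scope. The single-string `scope` encoding, the exact-match scope rule, and the `Mint` helper with its sample values are assumptions; expiry and revocation are left out because the page defers them to Tokens.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)
var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url
type Claims struct { // claim names as listed on the page
	Iss        string `json:"iss"`
	Sub        string `json:"sub"`
	TeamSlug   string `json:"team_slug"`
	AuditLabel string `json:"audit_label"` // user-supplied: log it, never authorize on it
	Scope      string `json:"scope"`       // assumption: one scope as a plain string
}
func Mint(priv ed25519.PrivateKey, alg string, c Claims) string { // hypothetical helper for sample tokens
	p, _ := json.Marshal(c)
	msg := b64.EncodeToString([]byte(`{"alg":"`+alg+`"}`)) + "." + b64.EncodeToString(p)
	return msg + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(msg)))
}

func Verify(token string, pub ed25519.PublicKey, need string) (*Claims, error) { // alg, signature, then claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	hb, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "EdDSA" {
		return nil, fmt.Errorf("alg must be EdDSA")
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return nil, fmt.Errorf("bad signature")
	}
	var c Claims // the payload is parsed only after the signature has verified
	pb, err := b64.DecodeString(parts[1])
	if err != nil || json.Unmarshal(pb, &c) != nil || c.Iss != "https://api.bento.build" || c.Sub == "" || c.Scope != need {
		return nil, fmt.Errorf("claims rejected")
	}
	return &c, nil
}

func main() { // constructed sample values: a read-only token asked to write is rejected
	pub, priv, _ := ed25519.GenerateKey(nil)
	tok := Mint(priv, "EdDSA", Claims{Iss: "https://api.bento.build", Sub: "sample-team-uuid", Scope: "cache:read"})
	fmt.Println(Verify(tok, pub, "cache:write"))
}
```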

For the issuance, rotation, and revocation flow, see Tokens.

The wire-protocol layer that consumes the JWT is documented in the OSS bento-cas-protocol crate.