rules:
  - name: JSON Web Token (base64url-encoded)
    id: kingfisher.jwt.1
    pattern: |
      (?x)
      (
        (?:ey|ewogIC)[A-Za-z0-9_-]{12,}  (?# header )
        \.
        ey[A-Za-z0-9_-]{12,}  (?# payload )
        \.
        [A-Za-z0-9_-]{24,}    (?# signature )
      )
      (?:[^A-Za-z0-9_-]|$)
    pattern_requirements:
      min_digits: 4
    min_entropy: 3.3
    confidence: medium
    examples:
      - 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJsb2dnZWRJbkFzIjoiYWRtaW4iLCJpYXQiOjE0MjI3Nzk2Mzh9.gzSraSYS8EXBxLN_oWnFSRgCzcmEmMjLiuyu5CSpyHI'
      - 'NUCLEAR_SERVICES_ANON_KEY=eyJhbGciOiJIUzI1NiIsEnR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InFqcnVqc2lzY2Nzdnl2am5xdG5xIiwicm9sZSI6ImEub24iLCJpYXQiOjE2NTY1OTY0NjEsImV4cCI6MTk3MjE3MjQ2MX0.WQWcwBAQFNE259f2o8ruFln_UMLTFEnEaUD7KHrs9Aw'
    references:
      - https://en.wikipedia.org/wiki/JSON_Web_Token
      - https://datatracker.ietf.org/doc/html/rfc7519
      - https://en.wikipedia.org/wiki/Base64#URL_applications
      - https://datatracker.ietf.org/doc/html/rfc4648
      - https://developer.okta.com/blog/2018/06/20/what-happens-if-your-jwt-is-stolen
    validation:
      type: JWT
    tls_mode: lax