OAuth2 defines a standard for Authorization Services that produce JSON Web Tokens (JWT), also known as Access Tokens. These JWTs are passed as an Issued Token to an OPC UA Server, which uses the signature contained in the JWT to validate the token. A JWT can also provide information to the Server regarding the roles associated with the Authenticated user. The enforcement of the roles is the responsibility of the Server. OPC 10000-4, OPC 10000-5, OPC 10000-6 and OPC 10000-18 describe OAuth2 and JWTs in more detail. Sites should ensure that they follow the best practices defined in the site CSMS for OAuth2.
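
The Server-side checks described above, as an added example that is not taken from the OPC UA specifications: the signature is verified before any claim is trusted, and the roles are returned only for a valid token, leaving enforcement to the Server. Assumptions: an HS256 shared key is used so the code runs with the Python standard library alone (deployments commonly use an asymmetric signature, with the Server holding only the Authorization Service's public key), and the `roles` claim name, key and audience values are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Stand-in for the Authorization Service (issues constructed test tokens)."""
    head = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def validate_token(token: str, key: bytes, audience: str, now: float) -> list:
    """Server side: return the token's roles only if every check passes."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        # Pin the algorithm; the token must not choose it (e.g. "none").
        if header.get("alg") != "HS256":
            raise ValueError("unexpected alg")
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        # Constant-time comparison of the signature over header.payload.
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            raise ValueError("bad signature")
        claims = json.loads(b64url_decode(body))  # parsed only after verification
    except (ValueError, TypeError, AttributeError) as exc:
        raise PermissionError(f"token rejected: {exc}") from None
    # The token must have been issued for this Server and still be valid.
    if claims.get("aud") != audience:
        raise PermissionError("token rejected: wrong audience")
    if claims.get("exp", 0) <= now:
        raise PermissionError("token rejected: expired")
    # Roles are information only; the Server maps them to permissions itself.
    return list(claims.get("roles", []))
```
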