The cryptographic challenge provided by the server that must be included in the signed JWT to prove possession of the private key.