在jwt中的哪里存储用户ID [英] Where to store user id in jwt

问题描述

我正在为API令牌创建一个jwt.我将用户ID放入该jwt中，因此我知道谁在调用api.我在哪里将用户ID放在jwt中.

I am generting a jwt for an api token. I am putting the user id into that jwt so I know who is calling into the api. Where do I put the user id in the jwt.

我已经看到许多不同的示例，将其放在"sub"，"aud"甚至"iss"中.如果有的话这是正确的.还是用户ID使用非注册名称?

I have seen many different examples that put it in 'sub', 'aud' and even 'iss'. Which is correct if any. Or does user id go in a non registered name?

推荐答案

sub声明是用户标识的正确声明. aud声明标识了JWT的预期接收者，而iss标识了颁发者/创建者.这些声明的任何其他解释均不符合标准，请参见: https://tools.ietf. org/html/rfc7519#section-4.1

The sub claim is the right claim for the user identifier. The aud claim identifies the intended recipient of the JWT and the iss identifies the issuer/creator. Any other interpretations of these claims are not standard compliant, see: https://tools.ietf.org/html/rfc7519#section-4.1

这篇关于在jwt中的哪里存储用户ID的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！