在jwt中的哪里存储用户ID [英] Where to store user id in jwt
问题描述
我正在为API令牌创建一个jwt.我将用户ID放入该jwt中,因此我知道谁在调用api.我在哪里将用户ID放在jwt中.
I am generting a jwt for an api token. I am putting the user id into that jwt so I know who is calling into the api. Where do I put the user id in the jwt.
我已经看到许多不同的示例,将其放在"sub","aud"甚至"iss"中.如果有的话这是正确的.还是用户ID使用非注册名称?
I have seen many different examples that put it in 'sub', 'aud' and even 'iss'. Which is correct if any. Or does user id go in a non registered name?
推荐答案
sub
声明是用户标识的正确声明. aud
声明标识了JWT的预期接收者,而iss
标识了颁发者/创建者.这些声明的任何其他解释均不符合标准,请参见: https://tools.ietf. org/html/rfc7519#section-4.1
The sub
claim is the right claim for the user identifier. The aud
claim identifies the intended recipient of the JWT and the iss
identifies the issuer/creator. Any other interpretations of these claims are not standard compliant, see: https://tools.ietf.org/html/rfc7519#section-4.1
这篇关于在jwt中的哪里存储用户ID的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!