在 jwt 中存储用户 ID 的位置 [英] Where to store user id in jwt

问题描述

我正在为 api 令牌生成 jwt.我将用户 ID 放入该 jwt 中，这样我就知道是谁在调用 api.我在哪里将用户 ID 放在 jwt 中.

I am generting a jwt for an api token. I am putting the user id into that jwt so I know who is calling into the api. Where do I put the user id in the jwt.

我见过很多不同的例子，它们都放在sub"、aud"甚至iss"中.如果有的话，哪个是正确的.还是用户 id 是非注册名称?

I have seen many different examples that put it in 'sub', 'aud' and even 'iss'. Which is correct if any. Or does user id go in a non registered name?

推荐答案

sub 声明是用户标识符的正确声明.aud 声明标识 JWT 的预期接收者，iss 标识颁发者/创建者.对这些声明的任何其他解释均不符合标准，请参阅:https://www.rfc-editor.org/rfc/rfc7519#section-4.1

The sub claim is the right claim for the user identifier. The aud claim identifies the intended recipient of the JWT and the iss identifies the issuer/creator. Any other interpretations of these claims are not standard compliant, see: https://www.rfc-editor.org/rfc/rfc7519#section-4.1

这篇关于在 jwt 中存储用户 ID 的位置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！