在 jwt 中存储用户 ID 的位置 [英] Where to store user id in jwt
问题描述
我正在为 api 令牌生成 jwt.我将用户 ID 放入该 jwt 中,这样我就知道是谁在调用 api.我在哪里将用户 ID 放在 jwt 中.
I am generting a jwt for an api token. I am putting the user id into that jwt so I know who is calling into the api. Where do I put the user id in the jwt.
我见过很多不同的例子,它们都放在sub"、aud"甚至iss"中.如果有的话,哪个是正确的.还是用户 id 是非注册名称?
I have seen many different examples that put it in 'sub', 'aud' and even 'iss'. Which is correct if any. Or does user id go in a non registered name?
推荐答案
sub
声明是用户标识符的正确声明.aud
声明标识 JWT 的预期接收者,iss
标识颁发者/创建者.对这些声明的任何其他解释均不符合标准,请参阅:https://www.rfc-editor.org/rfc/rfc7519#section-4.1
The sub
claim is the right claim for the user identifier. The aud
claim identifies the intended recipient of the JWT and the iss
identifies the issuer/creator. Any other interpretations of these claims are not standard compliant, see: https://www.rfc-editor.org/rfc/rfc7519#section-4.1
这篇关于在 jwt 中存储用户 ID 的位置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!