从v2令牌端点获取client_credentials令牌时，sub和oid声明中有什么内容? [英] What is in the sub and oid claims when getting client_credentials tokens from the v2 token endpoint?

问题描述

设置密钥/秘密后，我可以获得这些令牌，但是我不知道是否/如何依赖我的应用程序中的子声明.

要获得更多背景知识，我的应用程序实际上是B2C注册的应用程序，我将转到B2C租户中的v2端点，但未指定任何使用客户端凭据流程的策略.在我们的应用程序中，我们使用中间件来验证JWT Bearer令牌 并按sub/oid查找有效的调用者，以将任何适当的声明添加到上下文声明标识中.我试图找出oid是否与某些服务主体，我的应用程序，代表所使用的客户端机密的GUID或其他完全相关的东西 -以及我是否可以足够依赖它以将其添加到预期的用户"列表中具有适当应用程序特权的数据库.

解决方案

选中此链接

https://stackoverflow.com/questions/38978403/how-do-i-get-an-oid-claim-in-aspcore-from-azure-b2c

https://social.msdn.microsoft.com/Forums/zh-CN/62d51868-af3e-42ee-a38e-e91873e3c611/missing-quotrolesquot-claim-in-issued-jwt-tokens?forum=WindowsAzureAD

I can get these tokens after setting up keys/secrets, but I don't know if/how I want to rely on the sub claim in my app.

For more background, my app is actually a B2C registered app and I'm going to the v2 endpoint in the B2C tenant, but with no policy specified in order to use the client credentials flow.  In our app we use middleware to validate the JWT Bearer token and look up valid callers by sub/oid to add any appropriate claims to the contextual claims identity.  I am trying to figure out if the oid is related to some service principal, my app, a GUID representing the client secret used, or something else entirely - and whether I can rely on it enough to just add it to my expected "users" database with appropriate application privileges. 

解决方案

Check this link 

https://stackoverflow.com/questions/38978403/how-do-i-get-an-oid-claim-in-aspcore-from-azure-b2c

https://social.msdn.microsoft.com/Forums/en-US/62d51868-af3e-42ee-a38e-e91873e3c611/missing-quotrolesquot-claim-in-issued-jwt-tokens?forum=WindowsAzureAD

这篇关于从v2令牌端点获取client_credentials令牌时，sub和oid声明中有什么内容?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！