“孩子"的意思是什么?在JWT令牌中索赔? [英] What's the meaning of the "kid" claim in a JWT token?
问题描述
我生成了一个JWT,我很理解一些声明,但是标头中有一个称为kid
的声明.有谁知道这意味着什么?
I generated a JWT and there are some claims which I understand well, but there is a claim called kid
in header. Does anyone know what it means?
我使用auth0.com生成了令牌
I generated the token using auth0.com
推荐答案
kid
是可选的标头声明,其中包含密钥标识符,当您有多个密钥来对令牌进行签名并且需要查找正确的密钥时,该选项特别有用一个来验证签名.
kid
is an optional header claim which holds a key identifier, particularly useful when you have multiple keys to sign the tokens and you need to look up the right one to verify the signature.
一旦签名的JWT是JWS,请考虑 RFC 7515 中的定义:>
Once a signed JWT is a JWS, consider the definition from the RFC 7515:
kid
(密钥ID)标头参数是一个提示,指示哪个密钥
用于保护JWS.此参数允许发起者执行以下操作:
明确向接收者发送密钥更改通知.的结构
kid
值未指定.其值必须区分大小写
细绳.此标头参数的使用是可选的.
The kid
(key ID) Header Parameter is a hint indicating which key
was used to secure the JWS. This parameter allows originators to
explicitly signal a change of key to recipients. The structure of the
kid
value is unspecified. Its value MUST be a case-sensitive
string. Use of this Header Parameter is OPTIONAL.
与JWK一起使用时,kid
值用于匹配JWK kid
参数值.
When used with a JWK, the kid
value is used to match a JWK kid
parameter value.
这篇关于“孩子"的意思是什么?在JWT令牌中索赔?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!