Azure AD JWT token: how to see through which client secret it was granted
Question
I have an Azure AD application and have generated two client secrets. I can get a JWT access token using each secret (via the client_credentials grant), but can I also see from the JWT token via which client secret it was requested?
If I inspect the JWT tokens I get back, some payload fields are always the same (aud, iss, etc.) and some are always different (iat, nbf, aio, etc.), but as far as I can tell there is no information that identifies the client secret that was used.
Here is a sample payload:
{
"aud": "https://graph.microsoft.com",
"iss": "https://sts.windows.net/e402c5fb-58e9-48c3-b567-741c4cef0b96/",
"iat": 1516886787,
"nbf": 1516886787,
"exp": 1516890687,
"aio": "Y2NgYEjJqF0stqv73u41a6ZmxPEvBgA=",
"app_displayname": "TravelAgencies",
"appid": "ee8cf944-bf6f-42cf-ae30-6060412416a1",
"appidacr": "2",
"e_exp": 262800,
"idp": "https://sts.windows.net/e402c5fb-58e9-48c3-b567-741c4cef0b96/",
"oid": "bc430bc6-d9fb-4fa0-87e5-8b8803fcb222",
"sub": "bc430bc6-d9fb-4fa0-87e5-8b8803fcb222",
"tid": "e402c5fb-58e9-48c3-b567-741c4cef0b96",
"uti": "1TgusyfGtECjErT0Kv4PAA",
"ver": "1.0"
}
On a related note: what are the aio, e_exp and uti fields for? I can't find any information on them.
Accepted answer
You can't see through which client secret the token has been issued. What is the reason for asking which secret it was issued through?
Regarding the provided claims - you can check here and here what the different claims mean. For example, iat and nbf are just dates - when the token was issued and when its validity begins.
For some of the claims, like aio, there is no documentation. But there is no claim that shows you which secret was used.