When to use the Sub and Aud claims of the payload on a system with JSON Web Token
Problem description
I'm conducting tests to understand and implement a system of user authorization through the use of JSON Web Token.
While looking for information about the configuration of a token, a couple of questions arose about the use of two payload claims, Sub and Aud.
{
  "iss": "www.miweb.com", // issuer
  "iat": 1455550200, // time was issued
  "exp": 1455559810, // expiration timestamp
  "nbf": 1455550260, // not before
  "jti": "31d6cfe0d16ae931b73c59d7e0c089c0", // unique identifier
  "sub": "", // ¿subject?
  "aud": "", // ¿?
  "data": {/* attached data */}
}
From what I've observed, these two claims are rarely used. My question then is:
In what cases can they be used? For what purpose?
Thank you very much, regards
The same question written on Spanish StackOverflow: https://es.stackoverflow.com/q/11786/5984
Ps: Sorry for the language, not domain.
Recommended answer
The Subject ('sub') claim identifies the user or application (in case of client credentials flow) that was authenticated.
The Audience ('aud') claim indicates who the token is issued for.
Suppose my client application needs to call service A on behalf of user X.
Typically, my application would communicate with the authorization server to authenticate the user (for example using one of the OAuth2 grant flows) and request access to service X. The authorization server would authenticate the user and ask for consent.
If the user gives consent, the authorization server will issue a JWT token with a subject claim unique for user X and an audience claim indicating service A.
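The scenario in the answer, as an added example that is not part of the original answer: an issuer signs a token for a subject and an audience, and each service accepts only tokens whose 'aud' names it. The HS256 shared key, the function names issue/accept and the identifiers user-x, service-a and service-b are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # constructed secret shared by issuer and services (assumption)

def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()

def issue(sub, aud, now=None, ttl=600):
    """Authorization server: sign an HS256 JWT naming who (sub) and for whom (aud)."""
    now = int(time.time()) if now is None else now
    claims = {"iss": "www.miweb.com", "sub": sub, "aud": aud, "iat": now, "exp": now + ttl}
    parts = [_b64(json.dumps(p).encode()) for p in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + _b64(_sign(signing_input))

def accept(token, my_audience, now=None):
    """Resource server: return the authenticated subject or raise ValueError."""
    now = int(time.time()) if now is None else now
    head_b64, body_b64, sig_b64 = token.split(".")  # ValueError if not three parts
    if not hmac.compare_digest(_sign(head_b64 + "." + body_b64), _unb64(sig_b64)):
        raise ValueError("bad signature")
    header, claims = json.loads(_unb64(head_b64)), json.loads(_unb64(body_b64))
    if header.get("alg") != "HS256":  # pin the algorithm this service expects
        raise ValueError("unexpected alg")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    aud = claims.get("aud")  # RFC 7519: a single string or an array of strings
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if my_audience not in audiences:
        raise ValueError("token was not issued for this service")
    if not claims.get("sub"):
        raise ValueError("missing sub")
    return claims["sub"]

if __name__ == "__main__":
    token = issue("user-x", "service-a")
    print(accept(token, "service-a"))
    try:
        accept(token, "service-b")  # same valid signature, wrong audience
    except ValueError as err:
        print("service-b:", err)
```

Without the audience check, a token obtained for service A would be equally valid at any other service that trusts the same issuer and key.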