When to use the Sub and Aud claims of the payload in a system with JSON Web Token


Problem description


I'm conducting tests to understand and implement a system of user authorization through the use of JSON Web Token.

Looking for information about the configuration of a token raised a couple of questions for me about the use of two payload claims, sub and aud.

{
    "iss": "www.miweb.com", // issuer
    "iat": 1455550200, // time it was issued
    "exp": 1455559810, // expiration timestamp
    "nbf": 1455550260, // not before
    "jti": "31d6cfe0d16ae931b73c59d7e0c089c0", // unique identifier

    "sub": "", // subject?
    "aud": "", // ?

    "data": {/* attached data */}
}

From what I've observed, these two claims are rarely used. My question then is:

In which cases can they be used? For what purpose?

Thank you very much, regards

The same question, written in Spanish on StackOverflow: https://es.stackoverflow.com/q/11786/5984

PS: Sorry for the language, not my domain.


Recommended answer


The Subject ('sub') claim identifies the user or application (in case of client credentials flow) that was authenticated. The Audience ('aud') claim indicates who the token is issued for.

Suppose my client application needs to call service A on behalf of user X.


Typically, my application would communicate with the authorization server to authenticate the user (for example using one of the OAuth2 grant flows) and request access to service X. The authorization server would authenticate the user and ask for consent.


If the user gives consent, the authorization server will issue a JWT token with a subject claim unique for user X and an audience claim indicating service A.
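As an added example, not part of the answer above, both halves of that exchange in code: the authorization server mints a token with sub = user X and aud = service A, and a resource server accepts it only when the aud claim names that very service, so service B cannot reuse a token issued for service A. HS256 with a constructed shared secret and the helper names are assumptions made for the demo.

```python
import base64, hashlib, hmac, json, time
# Constructed demo secret shared by the authorization server and service A (assumption).
SECRET = b"demo-shared-secret"
ISSUER = "www.miweb.com"  # the issuer used in the question's payload

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(subject: str, audience: str, ttl: int = 300, now=None) -> str:
    """Authorization server: mint an HS256 JWT for one user (sub) and one service (aud)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": ISSUER, "sub": subject, "aud": audience,
               "iat": now, "nbf": now, "exp": now + ttl}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(payload).encode())
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def verify_token(token: str, my_service: str, now=None) -> dict:
    """Resource server: reject unless signature, issuer, time window and audience all check out."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # allow-list the algorithm; never trust the header's choice
    expected = hmac.new(SECRET, (h + "." + p).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(p))
    if payload.get("iss") != ISSUER:
        raise ValueError("unknown issuer")
    if not (payload.get("nbf", 0) <= now < payload["exp"]):
        raise ValueError("token outside its validity window")
    aud = payload.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # RFC 7519 allows a list of audiences
    if my_service not in audiences:
        raise ValueError(f"token issued for {aud!r}, not for {my_service!r}")
    return payload

def accepted_by(token: str, my_service: str, now=None) -> bool:  # would my_service accept it?
    try:
        verify_token(token, my_service, now)
        return True
    except ValueError:
        return False
```

A token minted for service A is accepted by service A but rejected by service B, before nbf, and at or after exp.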
