Azure AD JWT token: how to see through which client secret it was granted


Question

I have an Azure AD application and have generated two client secrets. I can get a JWT access token using each secret (via client_credentials grant) but can I also see from the JWT token via which client secret it was requested?

If I inspect the JWT tokens I get back, some payload fields are always the same (aud, iss, etc.) and some are always different (iat, nbf, aio, etc.), but there is no info, as far as I can tell, that identifies the client secret that was used.

Here is an example payload:

{
  "aud": "https://graph.microsoft.com",
  "iss": "https://sts.windows.net/e402c5fb-58e9-48c3-b567-741c4cef0b96/",
  "iat": 1516886787,
  "nbf": 1516886787,
  "exp": 1516890687,
  "aio": "Y2NgYEjJqF0stqv73u41a6ZmxPEvBgA=",
  "app_displayname": "TravelAgencies",
  "appid": "ee8cf944-bf6f-42cf-ae30-6060412416a1",
  "appidacr": "2",
  "e_exp": 262800,
  "idp": "https://sts.windows.net/e402c5fb-58e9-48c3-b567-741c4cef0b96/",
  "oid": "bc430bc6-d9fb-4fa0-87e5-8b8803fcb222",
  "sub": "bc430bc6-d9fb-4fa0-87e5-8b8803fcb222",
  "tid": "e402c5fb-58e9-48c3-b567-741c4cef0b96",
  "uti": "1TgusyfGtECjErT0Kv4PAA",
  "ver": "1.0"
}

On a related note: what are the aio, e_exp and uti fields for? I can't find any information on them.

Answer

You can't see through which client secret the token has been issued. What is the reason for asking through which secret it was?

Regarding the provided claims - you can check here and here what the different claims mean. For example, iat and nbf are just dates - when the token was issued and the validity begin time.

For some of the claims, like aio, there is no documentation. But there is no claim to show you which secret was used.
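To make the answer's point concrete, here is an added Python example (not from the question or the answer) that decodes the payload of a compact JWT without verifying it, converts iat/nbf/exp to UTC timestamps, and diffs two issuances to show which claims vary between tokens and that none of them names the secret. The first payload is the one quoted in the question; the second payload and the demo token builder are constructed for illustration.

```python
import base64
import json
from datetime import datetime, timezone

# The v1.0 access-token payload quoted in the question above.
SAMPLE_CLAIMS = {
    "aud": "https://graph.microsoft.com",
    "iss": "https://sts.windows.net/e402c5fb-58e9-48c3-b567-741c4cef0b96/",
    "iat": 1516886787, "nbf": 1516886787, "exp": 1516890687,
    "aio": "Y2NgYEjJqF0stqv73u41a6ZmxPEvBgA=",
    "app_displayname": "TravelAgencies",
    "appid": "ee8cf944-bf6f-42cf-ae30-6060412416a1",
    "appidacr": "2", "e_exp": 262800,
    "idp": "https://sts.windows.net/e402c5fb-58e9-48c3-b567-741c4cef0b96/",
    "oid": "bc430bc6-d9fb-4fa0-87e5-8b8803fcb222",
    "sub": "bc430bc6-d9fb-4fa0-87e5-8b8803fcb222",
    "tid": "e402c5fb-58e9-48c3-b567-741c4cef0b96",
    "uti": "1TgusyfGtECjErT0Kv4PAA", "ver": "1.0",
}
# A constructed second issuance, 60 s later, with only the per-token claims
# changed (the kind of difference the question reports between two requests).
SECOND_CLAIMS = dict(SAMPLE_CLAIMS, iat=1516886847, nbf=1516886847,
                     exp=1516890747, aio="constructed-aio", uti="constructed-uti")

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_unsigned_demo_token(claims: dict) -> str:
    # Constructed compact JWT with a placeholder signature, for decoding demos only.
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    header = enc(b'{"typ":"JWT","alg":"RS256"}')
    return f"{header}.{enc(json.dumps(claims).encode())}.placeholder"

def decode_claims(token: str) -> dict:
    # Reads the payload only; it does NOT verify the signature.
    _header, payload, _signature = token.split(".")
    return json.loads(b64url_decode(payload))

def time_claims_utc(claims: dict) -> dict:
    # iat/nbf/exp are seconds since the Unix epoch, interpreted as UTC.
    return {k: datetime.fromtimestamp(claims[k], tz=timezone.utc).isoformat()
            for k in ("iat", "nbf", "exp") if k in claims}

def differing_claims(a: dict, b: dict) -> set:
    # Claims that change between issuances; aud/iss/appid/tid stay stable and
    # no claim identifies which client secret authenticated the request.
    return {k for k in a.keys() | b.keys() if a.get(k) != b.get(k)}
```

Reading claims this way is fine for inspection, but any real consumer must validate the signature, issuer, audience and time window before trusting them.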
