Using the payload claims sub and aud in a system with JSON Web Tokens

0

I am running tests to understand and implement a user authorization system using JSON Web Tokens.

While looking for information about configuring a token, a couple of questions came up about the use of two payload claims, sub and aud.

{
    "iss": "www.miweb.com", // issuer
    "iat": 1455550200, // issued at
    "exp": 1455559810, // expires
    "nbf": 1455550260, // not before
    "jti": "31d6cfe0d16ae931b73c59d7e0c089c0", // unique id

    "sub": "", // subject?
    "aud": "", // ?

    "data": {/* attached data */}
}

From what I have observed, these two claims are rarely used. My question then is:

In which scenario can they be used, and for what purpose?

Thanks in advance, regards.

PS: The same question is on StackOverflow: link

asked by OscarR 03.06.2016 at 10:26

1 answer

0

Answered by MvdD at StackOverflow

The subject claim (1) ('sub') identifies the user or application (in the case of the client credentials flow (2)) that has been authenticated. The audience claim (3) ('aud') indicates for whom the token is issued.

Suppose that my client application has to call service A on behalf of user X.

Generally, my application would communicate with the authorization server to authenticate the user (for example, using one of the OAuth2 (4) grant flows) and request access to service X. The authorization server could authenticate the user and ask for consent.

If the user consents, the authorization server will issue a JWT token with a subject claim for user X and an audience claim indicating service A.


Reference links:
  (1) tools.ietf.org/html/rfc7519#section-4.1.2
  (2) tools.ietf.org/html/rfc6749#section-1.3.4
  (3) tools.ietf.org/html/rfc7519#section-4.1.3
  (4) tools.ietf.org/html/rfc6749#section-1.2

answered by 05.06.2016 / 10:14
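The scenario in the answer above, as an added example that is not part of the original question or answer: an authorization server mints an HS256 JWT whose 'sub' names the authenticated user and whose 'aud' names the service it was issued for, and a receiving service verifies the signature and then enforces 'iss', 'aud', 'exp' and 'nbf'. The shared secret, the issuer name "www.miweb.com" (taken from the question's sample payload), "user-X", "service-A" and "service-B" are constructed values for the demo; the code uses only the Python standard library rather than a JWT library so it runs offline.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret shared between the authorization server and the
# service that validates tokens (hypothetical HS256 key, not from the page).
SECRET = b"demo-secret-key-not-for-production"


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT (RFC 7515) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(sub: str, aud: str, issuer: str, lifetime: int, now: int,
                key: bytes = SECRET) -> str:
    """Authorization server side: mint a JWT for subject 'sub' (the
    authenticated user) intended for audience 'aud' (the target service)."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": issuer, "sub": sub, "aud": aud,
               "iat": now, "nbf": now, "exp": now + lifetime}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, expected_aud: str, expected_iss: str, now: int,
                 key: bytes = SECRET) -> dict:
    """Resource server side: check the signature first, then the claims.
    Returns the payload on success and raises ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm on the verifier side; never let the token choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(payload_b64))
    if payload.get("iss") != expected_iss:
        raise ValueError("wrong issuer")
    # RFC 7519 allows 'aud' to be a single string or a list of strings;
    # this service must appear in it, otherwise the token was issued for
    # someone else (e.g. service A's token presented to service B).
    aud = payload.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_aud not in audiences:
        raise ValueError("token not intended for this audience")
    if now >= payload.get("exp", 0):
        raise ValueError("token expired")
    if now < payload.get("nbf", 0):
        raise ValueError("token not yet valid")
    if not payload.get("sub"):
        raise ValueError("missing subject")
    return payload


def demo() -> dict:
    """Walk through the answer's scenario: user X's token for service A
    is accepted by service A and rejected by service B."""
    now = 1455550200  # the 'iat' value from the question's sample payload
    token = issue_token("user-X", "service-A", "www.miweb.com", 600, now)
    accepted = verify_token(token, "service-A", "www.miweb.com", now + 10)
    try:
        verify_token(token, "service-B", "www.miweb.com", now + 10)
        rejected_by_b = False
    except ValueError:
        rejected_by_b = True
    try:
        verify_token(token, "service-A", "www.miweb.com", now + 601)
        rejected_when_expired = False
    except ValueError:
        rejected_when_expired = True
    return {"sub": accepted["sub"], "aud": accepted["aud"],
            "rejected_by_service_b": rejected_by_b,
            "rejected_when_expired": rejected_when_expired}


if __name__ == "__main__":
    print(demo())
```

The audience check is what stops a token minted for service A from being replayed against service B, and the subject is what service A uses to decide whose data the request may touch; the signature check must come before either claim is trusted.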