JWT 中的 aud 字段是什么意思 网上给出的解释都是 [接收 jwt 的一方] ,那具体怎么理解那?
1
wei745359223 2018-12-14 11:18:26 +08:00
应该就是申请这个 token 的 client 信息 比如 IP 啥的?
|
2
reus 2018-12-14 11:30:52 +08:00
audience
用户 id 应该放这里的。 |
3
jimzhong 2018-12-14 11:56:45 +08:00 1
|
4
xomix 2018-12-14 11:57:57 +08:00
// Audience(s) that this ID Token is intended for. It MUST contain the OAuth 2.0
// client_id of the Relying Party as an audience value. It MAY also contain identifiers // for other audiences. In the general case, the aud value is an array of case sensitive // strings. In the common special case when there is one audience, the aud value // MAY be a single case sensitive string. 客户端信息 |
5
Vegetable 2018-12-14 12:02:53 +08:00
The "aud" (audience) claim identifies the recipients that the JWT is
intended for. Each principal intended to process the JWT MUST identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the "aud" claim when this claim is present, then the JWT MUST be rejected. In the general case, the "aud" value is an array of case- sensitive strings, each containing a StringOrURI value. In the special case when the JWT has one audience, the "aud" value MAY be a single case-sensitive string containing a StringOrURI value. The interpretation of audience values is generally application specific. Use of this claim is OPTIONAL. |