OscarR

Reputation: 163

When are the Sub and Aud claims of the payload used on a system with JSON Web Token?

I'm conducting tests to understand and implement a system of user authorization through the use of JSON Web Token.

While looking for information about configuring a token, a couple of questions arose about the use of two payload claims, Sub and Aud.

{
    "iss": "www.miweb.com", // issuer
    "iat": 1455550200, // time was issued
    "exp": 1455559810, // expiration timestamp
    "nbf": 1455550260, // not before
    "jti": "31d6cfe0d16ae931b73c59d7e0c089c0", // unique identifier

    "sub": "", // subject?
    "aud": "", // ?

    "data": {/* attached data */}
}

From what I've observed, these two claims are rarely used. My question then is:

In what scenario would they be used, and for what purpose?

Thank you very much, regards.

Same written in Spanish StackOverflow question: https://es.stackoverflow.com/q/11786/5984

PS: Sorry for the language; I don't speak it well.

Edited: Translation of comments in the code

Upvotes: 6

Views: 4232

Answers (1)

MvdD

Reputation: 23436

The Subject ('sub') claim identifies the user or application (in case of client credentials flow) that was authenticated. The Audience ('aud') claim indicates who the token is issued for.

Suppose my client application needs to call service A on behalf of user X.

Typically, my application would communicate with the authorization server to authenticate the user (for example using one of the OAuth2 grant flows) and request access to service X. The authorization server would authenticate the user and ask for consent.

If the user gives consent, the authorization server will issue a JWT token with a subject claim unique for user X and an audience claim indicating service A.

Upvotes: 8
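The scenario in the answer above, as an added example that is not part of the original post: a minimal HS256 issuer and verifier written with only the Python standard library. The authorization server mints a token whose sub names user X and whose aud names service A; the verifier on the resource side accepts it only if the signature is valid, the nbf/exp window holds, and aud names that service, so the same token presented to service B is rejected. The shared secret, service names and timestamps are constructed values.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo secret; issuer and service would share this out of band.
SECRET = b"demo-shared-secret"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(sub: str, aud: str, now: int, ttl: int = 300) -> str:
    """Authorization server side: mint an HS256 JWT for user `sub`, intended for service `aud`."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"iss": "www.miweb.com", "sub": sub, "aud": aud,
               "iat": now, "nbf": now, "exp": now + ttl}
    signing_input = ".".join(b64url_encode(json.dumps(p, separators=(",", ":")).encode())
                             for p in (header, payload))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"


def verify_token(token: str, expected_aud: str, now: int) -> Optional[dict]:
    """Resource server side: return the claims only if the signature is valid, the token is
    inside its nbf/exp window, and its aud names *this* service; otherwise return None."""
    try:
        h_b64, p_b64, s_b64 = token.split(".")
    except ValueError:
        return None
    header = json.loads(b64url_decode(h_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose it
        return None
    expected_sig = hmac.new(SECRET, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(s_b64)):
        return None
    claims = json.loads(b64url_decode(p_b64))
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        return None
    # Audience check: a token minted for service A must not be accepted by service B.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if expected_aud not in audiences:
        return None
    return claims
```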
