Reputation: 175
What is actor token in Microsoft.IdentityModel.Tokens?
documentation, also class TokenValidationParameters contains property
TokenValidationParameters ActorValidationParameters { get; set; }
with summary "Gets or sets a value indicating if an actor token is detected, whether it should be validated".
Is it related with this definition?
Upvotes: 2
Views: 4743
Answers (1)
Reputation: 387647
The actor claim (act) is part of the OAuth 2.0 Token Exchange specification. Token Exchange basically describes a general mechanism to obtain security tokens and especially covers impersonation and delegation. For this purpose, the actor claim is useful to identity the involved parties in a delegated scenario.
The current draft of the spec explains the claim like this:
The
"act"(actor) claim provides a means within a JWT to express that delegation has occurred and identify the acting party to whom authority has been delegated. The"act"claim value is a JSON object and members in the JSON object are claims that identify the actor. The claims that make up the"act"claim identify and possibly provide additional information about the actor. For example, the combination of the two claims"iss"and"sub"might be necessary to uniquely identify an actor.
For common OAuth purposes, you can ignore the claim and do not need to validate it.
Upvotes: 3
Related Questions
- JWT .NET Core implementation clarification required
- What is the purpose of JwtBearerOptions.SaveToken property in ASP.NET Core 2.0+?
- What Aud field indicates in JWT Token?
- What is the different between System.IdentityModel.Tokens & Microsoft.IdentityModel.Tokens? Which one should I use in an ASP.NET Core application?
- Token Based Authentication in Asp.Net Core 2
- Can someone explain HttpContext.Authentication.GetTokenAsync("access_token")
- asp.net core identity - 2 types of jwt tokens
- Microsoft.IdentityModel.Tokens: Add additonal claims
- Asp.net core Identity and Token Based Authetication
- What's the point of using JWTs with ASPNet.Identity?