[英]how to add claims in jwt using jose-jwt
i am using jose jwt library to creating jwt token, i am not sure how i can i use the claims tag in the payload. 我正在使用jose jwt库创建jwt令牌,我不确定如何在有效负载中使用Claims标签。 i want to store user name and some other data related to it.
我想存储用户名和与其相关的其他数据。 below is the code which i am using to generate code
下面是我用来生成代码的代码
byte[] secretKey = Base64UrlDecode("-----BEGIN PRIVATE KEY-----");
DateTime issued = DateTime.Now;
DateTime expire = DateTime.Now.AddHours(10);
var payload = new Dictionary<string, object>()
{
{"iss", "service email"},
{"aud", "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit"},
{"sub", "service email"},
{"iat", ToUnixTime(issued).ToString()},
{"exp", ToUnixTime(expire).ToString()}
};
string token = JWT.Encode(payload, secretKey, JwsAlgorithm.HS256);
return token;
The JWT specification talks about three types of claims: Registered, Public and Private. JWT规范讨论了三种类型的声明: 注册的,公开的和私有的。
Registered 注册
The usual ones such as iss
, sub
, exp
, etc. 常见的诸如
iss
, sub
, exp
等。
Public claims 公开声明
The IANA JWT Claims Registry is used to specify the claims that should be used publicly to standardize them between services. IANA JWT索赔注册中心用于指定应公开使用的索赔,以使服务之间的索赔标准化。 These contains lots of useful ones such as
name
, email
, address
, etc. 这些包含许多有用的
name
,例如name
, email
, address
等。
Private claims 私人索赔
If you are only using your token within your own application or between known applications you could actually add whatever claims you want. 如果仅在自己的应用程序中或在已知的应用程序之间使用令牌,则可以实际添加任何所需的声明。
It might be a good idea to avoid using claims from the IANA JWT Claims Registry for other purposes though (ie don't use name
to store the users username). 最好避免使用IANA JWT索赔注册处的索赔用于其他目的(即不要使用
name
来存储用户名)。
So in your case your code could simply be like this to add the username (with the claim from the IANA registry) 因此,在您的情况下,您的代码可以像这样添加用户名(带有IANA注册中心的声明)
byte[] secretKey = Base64UrlDecode("-----BEGIN PRIVATE KEY-----");
DateTime issued = DateTime.Now;
DateTime expire = DateTime.Now.AddHours(10);
var payload = new Dictionary<string, object>()
{
{"iss", "service email"},
{"aud", "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit"},
{"sub", "service email"},
{"iat", ToUnixTime(issued).ToString()},
{"exp", ToUnixTime(expire).ToString()},
{"preferred_username", "MyAwesomeUsername"}
};
string token = JWT.Encode(payload, secretKey, JwsAlgorithm.HS256);
return token;
Though if it's only for internal use I would probably go with just username
or usr
myself. 虽然如果仅用于内部用途,我可能只使用
username
或usr
。
Another thing to remember (and that many get wrong) is that JWT isn't encrypting anything. 要记住的另一件事(很多错误)是,JWT没有加密任何东西。 The content is base64 encoded but anyone that get hold of your token can read everything in it.
内容是使用base64编码的,但是任何持有令牌的人都可以读取其中的所有内容。 So make sure to not put anything sensitive in them if there is even a slight chance that a user can see them.
因此,如果用户看到它们的机会很小,请确保不要在其中放入任何敏感物品。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.