stackoom
  简体   繁体   中英

how to add claims in jwt using jose-jwt

 原文  2016-07-28 09:33:34       c#/ json/ jwt

Question

i am using jose jwt library to creating jwt token, i am not sure how i can i use the claims tag in the payload. i want to store user name and some other data related to it. below is the code which i am using to generate code 

        byte[] secretKey = Base64UrlDecode("-----BEGIN PRIVATE KEY-----");
        DateTime issued = DateTime.Now;
        DateTime expire = DateTime.Now.AddHours(10);

        var payload = new Dictionary<string, object>()
        {
            {"iss", "service email"},
            {"aud", "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit"},
            {"sub", "service email"},
            {"iat", ToUnixTime(issued).ToString()},
            {"exp", ToUnixTime(expire).ToString()}
        };

        string token = JWT.Encode(payload, secretKey, JwsAlgorithm.HS256);

        return token;

1 answers

solution1
 2 ACCPTED  2016-07-28 09:57:38

The JWT specification talks about three types of claims: Registered, Public and Private.

Registered

The usual ones such as iss , sub , exp , etc.

Public claims

The IANA JWT Claims Registry is used to specify the claims that should be used publicly to standardize them between services. These contains lots of useful ones such as name , email , address , etc.

Private claims

If you are only using your token within your own application or between known applications you could actually add whatever claims you want.

It might be a good idea to avoid using claims from the IANA JWT Claims Registry for other purposes though (ie don't use name to store the users username).

So in your case your code could simply be like this to add the username (with the claim from the IANA registry) 

byte[] secretKey = Base64UrlDecode("-----BEGIN PRIVATE KEY-----");
DateTime issued = DateTime.Now;
DateTime expire = DateTime.Now.AddHours(10);

var payload = new Dictionary<string, object>()
{
    {"iss", "service email"},
    {"aud", "https://identitytoolkit.googleapis.com/google.identity.identitytoolkit.v1.IdentityToolkit"},
    {"sub", "service email"},
    {"iat", ToUnixTime(issued).ToString()},
    {"exp", ToUnixTime(expire).ToString()},
    {"preferred_username", "MyAwesomeUsername"}        
};

string token = JWT.Encode(payload, secretKey, JwsAlgorithm.HS256);

return token;

Though if it's only for internal use I would probably go with just username or usr myself.

Another thing to remember (and that many get wrong) is that JWT isn't encrypting anything. The content is base64 encoded but anyone that get hold of your token can read everything in it. So make sure to not put anything sensitive in them if there is even a slight chance that a user can see them.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Encryption with public key in Jose-JWT JWT token generated with jose-jwt and jwt.io c# Jose-Jwt: Signed and Encrpyt from KeyPair string c# JWT load ES256 PEM file into CngKey (jose-jwt) JWT How to add custom claims and decode claims How to add custom claims to Jwt Token in OpenIdConnect in .Net Core How to get user claims by using JWT Bearer token How to check privileges in JWT using Claims in ASP.NET Core? How to consume JWT access token and user claims using RestSharp How do I add custom user claims in JWT and user principal when using Microsoft.AspNetCore.ApiAuthorization.IdentityServer
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM