
What is difference between private and public claims on jwt


I'm confused about the difference between those two kinds of claims. From what I understand they are both custom claims. So what is the difference?

Public claims

Custom claim names that are required to be collision resistant. Their names should be UUIDs or prefixed by a URL to create a safe namespace for them and avoid collisions.

Private claims

Custom claim names that are not required to be collision resistant.

What is the difference between private and public claims on JWT?

The only difference is that public claims are required to be universally collision resistant while private claims are not.

Public claims are like a public API that is defined for public consumption. They should be well documented. RFC 7519 defines several ways to do it.

  1. You can register a public claim name in the public IANA "JSON Web Token Claims" registry specified in the RFC. There is a whole approval process around it. See section 10.1 https://tools.ietf.org/html/rfc7519#section-10.1
  2. You have to make sure that the public claim name is collision-resistant, i.e. highly unlikely to collide with other names. Examples are UUIDs, OIDs or domain names.

Private claims are claims that are known only to the producer and consumer of a JWT. Private claim names are not collision-resistant and should be used with a clear understanding of this and with care...
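The three kinds of claim names from the answer above, shown in working code. This is an added example, not code from the question or the answer: it builds an HS256-signed JWT with only the Python standard library, puts a registered claim (iss, sub, iat, exp), a URL-namespaced public claim and a short private claim into the same payload, and then shows why the namespacing matters by finding the private claim name that two different issuers both use. The key, the issuer URLs and the https://example.com/jwt/claims/ namespace are constructed values for the demo.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid

# Constructed demo values (not from the page): an HMAC key and a URL prefix
# used as the collision-resistant namespace for our public claims.
DEMO_KEY = b"demo-secret-for-illustration-only"
CLAIMS_NAMESPACE = "https://example.com/jwt/claims/"

# A few of the IANA-registered names from RFC 7519 section 4.1; the real
# registry is longer, these are only the ones this example needs.
REGISTERED_CLAIMS = {"iss", "sub", "aud", "exp", "nbf", "iat", "jti"}


def _b64url(data: bytes) -> str:
    """base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _is_uuid(name: str) -> bool:
    try:
        uuid.UUID(name)
        return True
    except ValueError:
        return False


def classify_claim(name: str) -> str:
    """Sort a claim name into the RFC 7519 categories: registered (4.1),
    public (4.2, collision-resistant: here a URI or a UUID) or private (4.3)."""
    if name in REGISTERED_CLAIMS:
        return "registered"
    if name.startswith(("http://", "https://", "urn:")) or _is_uuid(name):
        return "public"
    return "private"


def build_payload(issuer: str, subject: str, now: int, role: str) -> dict:
    return {
        "iss": issuer,                         # registered
        "sub": subject,                        # registered
        "iat": now,                            # registered
        "exp": now + 300,                      # registered, 5 minute lifetime
        CLAIMS_NAMESPACE + "tenant": "acme",   # public: namespaced, collision-resistant
        "role": role,                          # private: only this producer/consumer agree on it
    }


def sign_jwt(payload: dict, key: bytes) -> str:
    """Serialise and sign a payload as a compact JWS (HS256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode("utf-8"))
        + "."
        + _b64url(json.dumps(payload, separators=(",", ":")).encode("utf-8"))
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(token: str, key: bytes, expected_iss: str, now: int = None) -> dict:
    """Check alg, signature, issuer and expiry before trusting any claim."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(payload_b64))
    if payload.get("iss") != expected_iss:
        raise ValueError("unexpected issuer")
    now = int(time.time()) if now is None else now
    if payload.get("exp", 0) <= now:
        raise ValueError("token expired")
    return payload


def colliding_private_claims(payload_a: dict, payload_b: dict) -> list:
    """Names both payloads carry that are private, i.e. whose meaning the two
    issuers may disagree on. Namespaced public claims are never reported."""
    return sorted(n for n in payload_a if n in payload_b and classify_claim(n) == "private")


if __name__ == "__main__":
    now = int(time.time())
    a = build_payload("https://issuer-a.example", "alice", now, "admin")
    b = build_payload("https://issuer-b.example", "alice", now, "viewer")
    print(verify_jwt(sign_jwt(a, DEMO_KEY), DEMO_KEY, "https://issuer-a.example"))
    print("private names shared by both issuers:", colliding_private_claims(a, b))
```

Both issuers carry the namespaced tenant claim and the short role claim; only the latter is reported as a collision, which is exactly the risk the answer points at when it says private names "should be used with care". A consumer that accepts tokens from more than one issuer cannot tell the two meanings of role apart, whereas the URL-prefixed name is unambiguous.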
