Comments (9)
Ah I see. Well, the RFC has nothing to do with users at all. It is about transferring abstract claims in a secure fashion.
From the RFC:
The "aud" (audience) claim identifies the recipients that the JWT is intended for. Each principal intended to process the JWT MUST identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the "aud" claim when this claim is present, then the JWT MUST be rejected.
So whoever or whatever is decoding the JWT should already be expecting a particular value for `aud` that was arranged out-of-band. So no, `aud` is not intended for user roles. In my opinion, a user role would be a good fit for a custom claim (named something like `user_role`). However, this depends on what you are using the JWT for. In general these decisions are made at an architectural level and then are implemented by both a server and a set of clients.
from ruby-jwt.
This library implements RFC 7519. See Section 4.1.3 for the description of the `aud` claim.
https://tools.ietf.org/html/rfc7519#section-4.1.3
In practical use, this tends to be the "client id" or "client key" of the application that the JWT is intended to be used by. It allows the client to verify that the JWT was sent by someone who actually knows who they are.
from ruby-jwt.
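The audience rule the two replies above describe (the recipient must find its own out-of-band identifier in `aud`, and a role belongs in a custom claim such as `user_role`), worked through in an added example. This is not ruby-jwt's code: it is a minimal HS256 issuer and recipient built only on Ruby's standard library. The recipient identifier `orders-api`, the secret and the claim values are constructed for the example.

```ruby
require 'json'
require 'base64'
require 'openssl'

# Raised when a token fails any verification step.
class JwtRejected < StandardError; end

# Base64url without padding, as JWS requires (RFC 7515 Appendix C).
def b64url_encode(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def b64url_decode(str)
  Base64.urlsafe_decode64(str)
end

# Constant-time byte comparison so the signature check does not leak timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Issuer side: sign a claims hash with HS256. 'aud' names the intended recipient;
# the role travels in a custom claim ('user_role' here), not in 'aud'.
def encode_hs256(claims, secret)
  header = { 'alg' => 'HS256', 'typ' => 'JWT' }
  signing_input = "#{b64url_encode(JSON.generate(header))}.#{b64url_encode(JSON.generate(claims))}"
  signature = OpenSSL::HMAC.digest('SHA256', secret, signing_input)
  "#{signing_input}.#{b64url_encode(signature)}"
end

# Recipient side: verify the signature, then apply the RFC 7519 Section 4.1.3 rule.
# expected_aud is the identifier this recipient was assigned out-of-band.
def decode_hs256(token, secret, expected_aud:)
  parts = token.split('.')
  raise JwtRejected, 'malformed token' unless parts.length == 3
  header_b64, payload_b64, signature_b64 = parts

  # Pin the algorithm before trusting anything else in the token.
  header = JSON.parse(b64url_decode(header_b64))
  raise JwtRejected, "unexpected alg #{header['alg'].inspect}" unless header['alg'] == 'HS256'

  signing_input = "#{header_b64}.#{payload_b64}"
  expected_sig = OpenSSL::HMAC.digest('SHA256', secret, signing_input)
  raise JwtRejected, 'invalid signature' unless secure_compare(expected_sig, b64url_decode(signature_b64))

  claims = JSON.parse(b64url_decode(payload_b64))

  # 'aud' is optional. When present it is a string or an array of strings, and the
  # token MUST be rejected unless this recipient's identifier is among the values.
  if claims.key?('aud')
    audiences = Array(claims['aud'])
    unless audiences.all? { |a| a.is_a?(String) } && audiences.include?(expected_aud)
      raise JwtRejected, "audience #{claims['aud'].inspect} does not include #{expected_aud}"
    end
  end
  claims
end

if __FILE__ == $PROGRAM_NAME
  secret = 'constructed-demo-secret'   # constructed for the example
  token = encode_hs256({ 'iss' => 'auth-server', 'sub' => 'user-42',
                         'aud' => 'orders-api', 'user_role' => 'admin' }, secret)
  # The service that calls itself 'orders-api' accepts the token and reads the role claim.
  puts decode_hs256(token, secret, expected_aud: 'orders-api')['user_role']
  # A different recipient must reject the same token even though the signature is valid.
  begin
    decode_hs256(token, secret, expected_aud: 'billing-api')
  rescue JwtRejected => e
    puts "rejected: #{e.message}"
  end
end
```

The check deliberately separates the two questions the thread conflates: "is this token for me?" is answered by `aud` against a value the recipient already knows, while "what may this user do?" is answered by the custom `user_role` claim once the token has been accepted.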
Ok, so roles like `admin`, `guest`, etc. don't fit here, I guess?
from ruby-jwt.
It's difficult for me to guess what you mean by "don't fit here". This library will not stop you from putting `{ 'aud' => 'guest' }` into a hash and encoding it as a JWT.
What are you trying to do with JWTs?
from ruby-jwt.
This isn't really library specific. I'm just trying to understand if setting the user role type into the `aud` key meets the RFC. Is the `aud` intended for that purpose?
from ruby-jwt.
Thanks a lot for that explanation. Clears things up a bit
from ruby-jwt.
Np 😄
from ruby-jwt.
Where is the aud set? Is it set by the token issuer or by app requesting the token?
from ruby-jwt.
It is set by the token issuer, but it is totally optional.
from ruby-jwt.