Using jti claim of JWT tokens as an opaque token

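I have a use case where I need to get both a JWT and an opaque token from the server (for testing purposes). However, only one of the two, JWT or opaque token, can be configured to be retrieved in the application.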

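Can I use the jti claim of the JWT as an opaque token? According to the official documentation, jti is a random unique ID for every JWT token. So I don't need to write any logic to trigger another request that changes the configuration in order to get an opaque token.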

According to the official documentation:

The "jti" (JWT ID) claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object; if the application uses multiple issuers, collisions MUST be prevented among values produced by different issuers as well. The "jti" claim can be used to prevent the JWT from being replayed. The "jti" value is a case-sensitive string. Use of this claim is OPTIONAL.

So we can use it :)
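An added example, not part of the original post: one way a test harness could treat the jti as an opaque reference. It assumes an HS256 JWT with a shared test secret; `make_jwt`, `verify_jwt` and `JtiStore` are hypothetical names. Because the jti itself carries no claims, the harness keeps a server-side map from jti to the verified claims, which plays the role an introspection lookup plays for a real opaque token.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-test-secret"  # assumption: HS256 shared key, test only

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_jwt(claims: dict) -> str:
    """Build a constructed HS256 JWT so the example runs offline."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verify_jwt(token: str) -> dict:
    """Check alg and signature before trusting any claim, jti included."""
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

class JtiStore:
    """Hypothetical in-memory map: jti -> claims (the introspection role)."""
    def __init__(self):
        self._by_jti = {}

    def register(self, token: str) -> str:
        claims = verify_jwt(token)
        jti = claims.get("jti")
        if not isinstance(jti, str) or not jti:
            raise ValueError("token has no jti (the claim is OPTIONAL)")
        self._by_jti[jti] = claims
        return jti  # this value is what the test presents as the opaque token

    def introspect(self, opaque: str, now=None) -> dict:
        claims = self._by_jti.get(opaque)  # exact match: jti is case-sensitive
        now = time.time() if now is None else now
        if claims is None or claims.get("exp", 0) <= now:
            return {"active": False}
        return {"active": True, **claims}
```
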