When authenticating with a JWT should custom scope(permissions/claims) go in access token or id token?

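When authenticating with a JWT, should custom scope (permissions/claims) go in the access token or the ID token? I've seen it done both ways but am not sure what the best practice is.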

I work with the Auth0 Community team and wanted to reach out. When working with specific users, you can build scopes using Auth0. When an app requests permission to access a resource through an authorization server, it uses the scope parameter to specify what access it needs, and the authorization server uses the scope parameter to respond with the access that was actually granted (if the granted access was different from what was requested). From what I am reading, it sounds like using scopes and claims may be the direct goal here. I hope this helps, but please let me know if you have any questions!
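
The scope exchange described in the answer above, as an added example that is not part of the original thread and is not Auth0's code: a client reconciles the scopes it requested with the `scope` value in the token response, following RFC 6749 sections 3.3 and 5.1. The scope names (`read:reports`, `delete:reports`), the function names and both sample responses are constructed for illustration.

```python
import json


def parse_scope(value):
    """Split a space-delimited scope string into a set of case-sensitive tokens."""
    return set(value.split()) if value else set()


def granted_scopes(requested, token_response):
    """Return the scopes the authorization server actually granted.

    RFC 6749 section 5.1: the server may omit "scope" when it granted exactly
    what was requested. When the parameter is present it is authoritative,
    even if it is empty.
    """
    if "scope" in token_response:
        return parse_scope(token_response["scope"])
    return parse_scope(requested)


def reconcile(requested, token_response):
    """Compare requested and granted scopes so the client can adapt."""
    req = parse_scope(requested)
    got = granted_scopes(requested, token_response)
    return {
        "granted": sorted(got),
        "denied": sorted(req - got),        # asked for, not granted
        "unrequested": sorted(got - req),   # granted without being asked for
    }


def can_call(operation_scope, requested, token_response):
    """Client-side gate: only attempt an operation whose scope was granted."""
    return operation_scope in granted_scopes(requested, token_response)


# Constructed sample data (hypothetical scope names and token responses).
REQUESTED = "openid profile read:reports delete:reports"
NARROWED = json.loads(
    '{"access_token": "<opaque>", "token_type": "Bearer",'
    ' "scope": "openid profile read:reports"}'
)
UNCHANGED = json.loads('{"access_token": "<opaque>", "token_type": "Bearer"}')

if __name__ == "__main__":
    print(reconcile(REQUESTED, NARROWED))
    print(can_call("delete:reports", REQUESTED, NARROWED))
```

This check only tells the client what to expect; the API receiving the access token still has to enforce the granted scopes itself.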