Registered claims

At the time of writing this book, these are the registered claims:

  • iss: The issuer of the token
  • sub: The subject of the token, that is, the party this token carries information about
  • aud: The audience for the token
  • exp: The expiration time, after which the token is considered to be invalid
  • nbf: The not-before time, that is, the time before which the token is not yet considered valid
  • iat: The time at which the token was issued
  • jti: The token ID

Claims can also be categorized as public or private:

  • Private: Claims defined by the users (consumers and producers) of the JWTs. In other words, these are ad hoc claims used for a particular case. As such, care must be taken to prevent collisions.
  • Public: Claims that are either registered with the IANA JSON Web Token Claims Registry (a registry where users can register their claims and thus prevent collisions), or named using a collision-resistant name (for instance, by prepending a namespace to the name).

To learn all about claims, please refer to the official website. Now, let's see a couple of code examples involving a subset of these claims.
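
As an added illustration (not code from the book), this is how a consumer might check a subset of the registered claims once the token's signature has been verified. The function names, the issuer URL, the audience names and the policy of requiring exp are assumptions made for the example.

```python
import time

# Constructed sample payload (decoded JSON of a token); all values are made up.
SAMPLE_CLAIMS = {
    "iss": "https://issuer.example", "sub": "user-42",
    "aud": ["billing-api", "reports-api"],
    "iat": 1_700_000_000, "nbf": 1_700_000_000, "exp": 1_700_000_600,
    "jti": "constructed-id-1",
}

def numeric_date(claims, name, problems):
    """Return the claim as a number, or None if absent or malformed."""
    value = claims.get(name)
    if value is None:
        return None
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        problems.append(f"{name}: not a numeric date")
        return None
    return value

def validate_registered_claims(claims, *, issuer, audience, now=None, leeway=0):
    """Return a list of problems; an empty list means the claims are acceptable.

    Assumes the signature was already verified and `claims` is the payload dict.
    """
    now = time.time() if now is None else now
    problems = []
    # iss: must be exactly the issuer this consumer trusts.
    if claims.get("iss") != issuer:
        problems.append("iss: unexpected issuer")
    # aud: may be one string or a list of strings; we must be among them.
    aud = claims.get("aud")
    auds = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if audience not in auds:
        problems.append("aud: token not intended for this audience")
    # exp / nbf: seconds since the epoch; leeway absorbs small clock skew.
    exp = numeric_date(claims, "exp", problems)
    nbf = numeric_date(claims, "nbf", problems)
    if claims.get("exp") is None:
        problems.append("exp: missing")  # assumption: this consumer requires exp
    elif exp is not None and now >= exp + leeway:
        problems.append("exp: token has expired")
    if nbf is not None and now < nbf - leeway:
        problems.append("nbf: token is not valid yet")
    return problems
```

Passing `now` explicitly makes the time checks reproducible; in production it defaults to the current clock.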
