« JWT » : différence entre les versions
| Ligne 61 : | Ligne 61 : | ||
| exp || EXPiration time || date à partir de laquelle le token ne sera plus accepté | | exp || EXPiration time || date à partir de laquelle le token ne sera plus accepté | ||
|} | |} | ||
== Azure == | |||
{| class="wikitable wtp wtmono1" | {| class="wikitable wtp wtmono1" | ||
|- | |- | ||
| acr || Authentication Context class Reference || 0 : l'authentification ne respecte pas la norme ISO/IEC 29115 | | acr || Authentication Context class Reference || 0 : l'authentification ne respecte pas la norme ISO/IEC 29115 | ||
|- | |- | ||
| amr || Authentication Method || pwd | | amr || Authentication Method || pwd | ||
| Ligne 75 : | Ligne 76 : | ||
* 0 : client publique | * 0 : client publique | ||
* 1 : si le client ID et le client secret sont utilisés | * 1 : si le client ID et le client secret sont utilisés | ||
|- | |- | ||
| oid || Object ID || ID unique de l'utilisateur | | oid || Object ID || ID unique de l'utilisateur | ||
|- | |- | ||
| scp || Scope || user_impersonation | | scp || Scope || user_impersonation | ||
|- | |- | ||
| tid || Tenant ID || | | tid || Tenant ID || | ||
|} | |} | ||
Version du 7 mars 2024 à 13:28
Description
JSON Web Token
Access token
Access tokens are used to inform an API that the bearer of the token has been authorized to access the API and perform a predetermined set of actions specified by the scope. It is used to authorize API access.
The token is generated after a user successfully authenticates and authorizes access.
It does not contain any information about the user itself besides their ID (sub).
It only contains authorization information about which actions the application is allowed to perform at the API (scope).
This is what makes it useful for securing an API, but not for authenticating a user.
An access token is put in the Authorization header of your request, then the API verifies the token and grant access regarding the scope.
| token key | description |
|---|---|
| scope | list of authorized accesses |
| sub | subject: unique identifier of the user |
ID token
OpenID Connect always issues ID tokens along with access tokens to provide compatibility with OAuth.
ID token carries personal information about end-users that authenticate on an OpenID Connect flow.
| token key | description |
|---|---|
| aud | audience: an id of the application that should consume the token |
| auth_time | date of the authentication |
| iss | url of the issuer of the token (AWS cognito, AAD) |
| sub | subject: unique identifier of the user |
Token keys
| token key | description |
|---|---|
| auth_time | date of the authentication (nb of seconds since Epoch: 1970-01-01T00:00:00Z UTC) |
| exp | expiration time |
| iat | issued at: token creation date |
| iss | url of the issuer of the token (AWS cognito, AAD) |
Content token
| aud | AUDience | https://*.onmicrosoft.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx xxx=AppId |
| iss | ISSuer | https://sts.windows.net/yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy/ yyy= |
| iat | Issued AT | date de la demande. Nombre de secondes depuis Epoch (1970-01-01T00:00:00Z UTC) |
| nbf | Not BeFore | date avant laquelle le token ne doit pas être utilisé |
| exp | EXPiration time | date à partir de laquelle le token ne sera plus accepté |
Azure
| acr | Authentication Context class Reference | 0 : l'authentification ne respecte pas la norme ISO/IEC 29115 |
| amr | Authentication Method | pwd |
| appid | APPlication ID | Application ID dans Azure AD Applications |
| appidacr | APPlication Authentication Context class Reference |
|
| oid | Object ID | ID unique de l'utilisateur |
| scp | Scope | user_impersonation |
| tid | Tenant ID |
