Azure AD JWT token: how to see through which clien

Posted 2019-03-02 00:30

I have an Azure AD application and have generated two client secrets. I can get a JWT access token using each secret (via client_credentials grant) but can I also see from the JWT token via which client secret it was requested?

If I inspect the JWT tokens I get back, some payload fields are always the same (aud, iss, etc) and some are always different (iat, nbf, aio, etc) but there is no info as far as I can tell that identifies the client secret that was used.

Here's an example payload:

{
  "aud": "https://graph.microsoft.com",
  "iss": "https://sts.windows.net/e402c5fb-58e9-48c3-b567-741c4cef0b96/",
  "iat": 1516886787,
  "nbf": 1516886787,
  "exp": 1516890687,
  "aio": "Y2NgYEjJqF0stqv73u41a6ZmxPEvBgA=",
  "app_displayname": "TravelAgencies",
  "appid": "ee8cf944-bf6f-42cf-ae30-6060412416a1",
  "appidacr": "2",
  "e_exp": 262800,
  "idp": "https://sts.windows.net/e402c5fb-58e9-48c3-b567-741c4cef0b96/",
  "oid": "bc430bc6-d9fb-4fa0-87e5-8b8803fcb222",
  "sub": "bc430bc6-d9fb-4fa0-87e5-8b8803fcb222",
  "tid": "e402c5fb-58e9-48c3-b567-741c4cef0b96",
  "uti": "1TgusyfGtECjErT0Kv4PAA",
  "ver": "1.0"
}

On a related note: what are the aio, e_exp and uti fields for? I can't find any information on them.

1 answer
狗以群分
#2 -- · 2019-03-02 00:52

You can't see through which client secret the token has been issued. What is the reason for asking through which secret it was?

Regarding the provided claims - you can check here and here what the different claims mean. For example, iat and nbf are just dates - when the token was issued and when its validity begins.

For some of the claims, like aio there is no documentation. But there is no claim to show you which secret was used.
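As an added example (not code from the question or the answer), here is a small Python helper that inspects two tokens for the same app the way the question describes: it decodes the payload without verifying the signature, reports which claims stay the same and which change per issuance, and runs the checks a relying party can make from the claims alone (tenant/issuer, appid, audience, validity window). The first set of claims is copied from the question; the second token and the `alg: none` test-token builder are constructed for the example.

```python
import base64
import json
import time

def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_payload(token: str) -> dict:
    """Claims of a compact JWT, read WITHOUT signature verification (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))

def diff_claims(a: dict, b: dict) -> tuple:
    """Claim names that are identical in both tokens vs. those that differ."""
    keys = set(a) | set(b)
    same = {k for k in keys if a.get(k) == b.get(k)}
    return same, keys - same

def check_app_token(claims: dict, tid: str, appid: str, aud: str, now=None) -> list:
    """Checks a verifier can make from claims alone; which secret was used is not one of them."""
    now = int(time.time()) if now is None else now
    problems = []
    if claims.get("tid") != tid or claims.get("iss") != f"https://sts.windows.net/{tid}/":
        problems.append("issuer/tenant mismatch")
    if claims.get("appid") != appid:
        problems.append("unexpected appid")
    if claims.get("aud") != aud:
        problems.append("audience mismatch")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        problems.append("token not valid at this time")
    return problems

def make_unsigned_token(claims: dict) -> str:
    """Constructed test token with a dummy signature (NOT issued by Azure AD)."""
    header = _b64url_encode(b'{"typ":"JWT","alg":"none"}')
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}.dummy"

# Claims from the question's payload, trimmed to the ones the checks use
TID = "e402c5fb-58e9-48c3-b567-741c4cef0b96"
APPID = "ee8cf944-bf6f-42cf-ae30-6060412416a1"
CLAIMS_A = {"aud": "https://graph.microsoft.com", "iss": f"https://sts.windows.net/{TID}/",
            "iat": 1516886787, "nbf": 1516886787, "exp": 1516890687, "appid": APPID,
            "aio": "Y2NgYEjJqF0stqv73u41a6ZmxPEvBgA=", "appidacr": "2", "tid": TID,
            "uti": "1TgusyfGtECjErT0Kv4PAA", "ver": "1.0"}
# Constructed second token for the same app: only the per-issuance claims change
CLAIMS_B = {**CLAIMS_A, "iat": 1516887000, "nbf": 1516887000, "exp": 1516890900,
            "aio": "constructed-different-aio", "uti": "constructed-uti-2"}
```

Running `diff_claims` over the two decoded payloads shows that only iat, nbf, exp, aio and uti vary between issuances, while every identity-related claim (appid, tid, oid, sub) is identical, so a token by itself cannot be traced back to a particular secret.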
