Include sub claim in client credentials JWTs? (RFC 9068) · JanssenProject/jans · Discussion #11402 (original) (raw)

Spec refers to access token as JWT. AS includes sub claim.
(You can validate it with AccessTokenAsJwtHttpTest)

image

Access Token JWT

eyJraWQiOiJjb25uZWN0XzJiZGI5ZTgyLTNjNTQtNDc2MC1iNTRlLTNlMGE5YTQ4MWU4Zl9zaWdfcnMyNTYiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJCMUYzLUFFQUUtQjc5OCIsImlzcyI6Imh0dHBzOi8vamVua2lucy1idWlsZC5qYW5zLmlvIiwidG9rZW5fdHlwZSI6IkJlYXJlciIsImNsaWVudF9pZCI6ImZiMjE3ZmY0LTdhNWUtNDBlMC04YjNlLWVhOThlYWNiNjRhOCIsImF1ZCI6ImZiMjE3ZmY0LTdhNWUtNDBlMC04YjNlLWVhOThlYWNiNjRhOCIsImFjciI6ImJhc2ljIiwieDV0I1MyNTYiOiIiLCJuYmYiOjE3NDcxMjczOTEsInNjb3BlIjpbImFkZHJlc3MiLCJwaG9uZSIsIm9wZW5pZCIsInVzZXJfbmFtZSIsInByb2ZpbGUiLCJlbWFpbCJdLCJhdXRoX3RpbWUiOjE3NDcxMjczOTAsImV4cCI6MTc0NzEyNzY5MSwiaWF0IjoxNzQ3MTI3MzkxLCJqdGkiOiJyWDMySzRMWFFrbUE2OVFkWm1GVFlRIiwidXNlcm5hbWUiOiJKYW5zIEF1dGggVGVzdCBVc2VyIiwic3RhdHVzIjp7InN0YXR1c19saXN0Ijp7ImlkeCI6MTgsInVyaSI6Imh0dHBzOi8vamVua2lucy1idWlsZC5qYW5zLmlvL2phbnMtYXV0aC9yZXN0djEvc3RhdHVzX2xpc3QifX19.ZM_0haqtiL3EyGDFe7JOqXSmxT0ewIIEfdYj_6rL9WfcEBGQGn1WGW1mUsDE4srkktPly6ntc4ObAJt69Oc1YZcf6Dy9XgS9AZ0MhXGvzuBbhoOzfQzJd8gViEzyt2M9wUVjoPmG-3Cg94Z5ReFCbcKoKHdCBFbCedwVB5J_YGHwSs__8FqrC_27f8O1Qsy9jf7xiDIannd0be50SQ8DpZgrwza1zK6D7woyxoxU-2tFJGHyhzNH2QfLeD3nZTIbNQq_xroIPviut8GCpvQUlzz1jeFYs4OxrwS5mAGvD3q5ynqwOFQr-Mp6YKhLMwnD3lWcK6VeyGj71L7N70lF_A

Decoded payload

{
  "sub": "B1F3-AEAE-B798",
  "iss": "https://jenkins-build.jans.io",
  "token_type": "Bearer",
  "client_id": "fb217ff4-7a5e-40e0-8b3e-ea98eacb64a8",
  "aud": "fb217ff4-7a5e-40e0-8b3e-ea98eacb64a8",
  "acr": "basic",
  "x5t#S256": "",
  "nbf": 1747127391,
  "scope": [
    "address",
    "phone",
    "openid",
    "user_name",
    "profile",
    "email"
  ],
  "auth_time": 1747127390,
  "exp": 1747127691,
  "iat": 1747127391,
  "jti": "rX32K4LXQkmA69QdZmFTYQ",
  "username": "Jans Auth Test User",
  "status": {
    "status_list": {
      "idx": 18,
      "uri": "https://jenkins-build.jans.io/jans-auth/restv1/status_list"
    }
  }
}