dwyl / learn-json-web-tokens

:closed_lock_with_key: Learn how to use JSON Web Token (JWT) to secure your next Web App! (Tutorial/Example with Tests!!)
MIT License

misleading information on jwt fields #94

Open deddu opened 5 years ago

deddu commented 5 years ago
> sub: subject of the token (rarely used)

Sub should be your userID, and you should use it as such.

Those fields are used in OpenID, and it is a good idea to at least mention it and update at least the mandatory fields.

> sub REQUIRED. Subject Identifier. A locally unique and never reassigned identifier within the Issuer for the End-User, which is intended to be consumed by the Client, e.g., 24400320 or AItOawmwtWwcT0k51BayewNvutrJUqsvl6qs7A4. It MUST NOT exceed 255 ASCII characters in length. The sub value is a case sensitive string.

Your users will change names and such, but the ID will stay constant. This is a very very very important field.

nelsonic commented 5 years ago

@deddu Pull Request very much welcome to improve the clarity of the sub field. 👍
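
An added example, not part of this thread or of the repository's code, showing the point raised in the issue: validate `sub` against the constraints in the quoted definition and resolve the account by issuer and `sub`, never by a mutable name. It assumes the claims come from a token whose signature, issuer and expiry were already verified; `UserStore`, `renameScenario` and the issuer URL are hypothetical.

```javascript
// Added example: claims are assumed to come from a token that your JWT
// library has already verified (signature, issuer, expiry).

// Constraints from the definition quoted in the issue: a case-sensitive
// string of at most 255 ASCII characters.
function validateSub(sub) {
  if (typeof sub !== 'string' || sub.length === 0) return false;
  if (sub.length > 255) return false;
  return /^[\x00-\x7F]+$/.test(sub);
}

// Hypothetical user store keyed by (iss, sub), since sub is only unique
// within its issuer. "name" is a display attribute, not an identifier.
class UserStore {
  constructor() { this.bySubject = new Map(); }
  key(iss, sub) { return JSON.stringify([iss, sub]); }
  add(iss, sub, name) { this.bySubject.set(this.key(iss, sub), { iss, sub, name }); }
  rename(iss, sub, name) { this.bySubject.get(this.key(iss, sub)).name = name; }
  // Correct lookup: exact, case-sensitive match on the subject identifier.
  findBySubject(claims) {
    if (!validateSub(claims.sub)) throw new Error('invalid sub claim');
    return this.bySubject.get(this.key(claims.iss, claims.sub)) || null;
  }
  // Fragile lookup, shown for contrast: matches on the mutable display name.
  findByName(claims) {
    for (const u of this.bySubject.values()) if (u.name === claims.name) return u;
    return null;
  }
}

// Constructed scenario: a token is issued, the user then changes their name,
// and a different user registers the name that was freed.
function renameScenario() {
  const iss = 'https://issuer.example'; // constructed issuer
  const store = new UserStore();
  store.add(iss, '24400320', 'alice');
  const claims = { iss, sub: '24400320', name: 'alice' }; // issued before the rename
  store.rename(iss, '24400320', 'alice.smith');
  store.add(iss, '24400321', 'alice');
  return {
    bySubject: store.findBySubject(claims).sub, // still the original account
    byName: store.findByName(claims).sub,       // resolves to the other user
  };
}
```

Keying on the name resolves the old token to a different account after the rename, which is why the subject identifier has to be the lookup key.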