@leastprivilege
Example: Access Token
{
"typ": "at+jwt",
"alg": "RS256",
"kid": "1"
}
{
"iss": "https://issuer",
"nbf": 1340819020,
"exp": 1340819380,
"aud": "invoicing",
"client_id": "external",
"scope": "invoicing.delivery"
}
External (M2M)
{
"typ": "at+jwt",
"alg": "RS256",
"kid": "1"
}
{
"iss": "https://issuer",
"nbf": 1340818761,
"exp": 1340819380,
"aud": [ "orders", "invoicing" ],
"client_id": "backoffice",
"scope": [ "orders", "invoicing.management" ],
"sub": "182jmm199",
"amr": [ "pwd" ]
}
Back-Office (user centric)
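
An added example (not from the slide deck or its author): a resource-server check that accepts both claim shapes shown above, where "aud" and "scope" appear once as a single string and once as an array. The names check_access_token and _values are hypothetical, and signature verification is assumed to have happened already.

```python
import time

def _values(claim, split=False):
    """Return a claim as a list: it may be absent, a single string, or a JSON array."""
    if claim is None:
        return []
    if isinstance(claim, str):
        return claim.split() if split else [claim]
    return list(claim)

def check_access_token(header, claims, *, issuer, audience, scope, now=None):
    """Return "user" or "m2m" when the token is acceptable for this API, else raise ValueError.

    Assumption: the RS256 signature was already verified with the key named by "kid".
    """
    now = time.time() if now is None else now
    if header.get("typ") != "at+jwt" or header.get("alg") != "RS256":
        raise ValueError("not an RS256 at+jwt access token")
    if claims.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    nbf, exp = claims.get("nbf"), claims.get("exp")
    if not isinstance(nbf, int) or not isinstance(exp, int) or not nbf <= now < exp:
        raise ValueError("token is outside its validity window")
    if audience not in _values(claims.get("aud")):
        raise ValueError("token was not issued for this API")
    # Exact match only: holding "invoicing.management" does not satisfy a required "invoicing".
    if scope not in _values(claims.get("scope"), split=True):
        raise ValueError("required scope is missing")
    # On the slide only the user-centric token carries "sub" (and "amr").
    return "user" if "sub" in claims else "m2m"

# The two tokens from the slide, already decoded.
HEADER = {"typ": "at+jwt", "alg": "RS256", "kid": "1"}
EXTERNAL = {"iss": "https://issuer", "nbf": 1340819020, "exp": 1340819380,
            "aud": "invoicing", "client_id": "external",
            "scope": "invoicing.delivery"}
BACKOFFICE = {"iss": "https://issuer", "nbf": 1340818761, "exp": 1340819380,
              "aud": ["orders", "invoicing"], "client_id": "backoffice",
              "scope": ["orders", "invoicing.management"],
              "sub": "182jmm199", "amr": ["pwd"]}

if __name__ == "__main__":
    at = 1340819100  # constructed "current time" inside both validity windows
    for name, claims, aud, scope in [("external", EXTERNAL, "invoicing", "invoicing.delivery"),
                                     ("backoffice", BACKOFFICE, "orders", "orders")]:
        kind = check_access_token(HEADER, claims, issuer="https://issuer",
                                  audience=aud, scope=scope, now=at)
        print(name, "->", kind)
```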