问题
I just got the following result when I tried to do oauth2 to googleapi. Only one thing: I couldn't find what is id_token used for in documentation.
{
"access_token": "xxxx",
"token_type": "Bearer",
"expires_in": 3600,
"id_token": "veryverylongstring",
"refresh_token": "abcdefg"
}
回答1:
id_token is a JSON Web Token (JWT). If you decode it, you'll see it contains multiple assertions, including the ID of the user. See this answer for more details.
回答2:
id_token is used in OPEN_ID Connect protocol. Where the user is as authorized well as authenticated. Difference between authentication and authorization. http://www.differencebetween.net/technology/difference-between-authentication-and-authorization/ You will get id_token and access_token.
id_token contains the information about the user's Authentication. The ID token resembles the concept of an identity card, in a standard JWT format, signed by the OpenID Provider (OP). To obtain one the client needs to send the user to their OP with an authentication request.
Features of the ID token:
- Asserts the identity of the user, called subject in OpenID (sub).
- Specifies the issuing authority (iss).
- Is generated for a particular audience, i.e. client (aud).
- May contain a nonce (nonce).
- May specify when (auth_time) and how, in terms of strength (acr), the user was authenticated.
- Has an issue (iat) and expiration time (exp).
- May include additional requested details about the subject, such as name and email address.
- Is digitally signed, so it can be verified by the intended recipients. May optionally be encrypted for confidentiality.
The ID token statements, or claims, are packaged in a simple JSON object:
{
"sub" : "alice",
"iss" : "https://openid.c2id.com",
"aud" : "client-12345",
"nonce" : "n-0S6_WzA2Mj",
"auth_time" : 1311280969,
"acr" : "c2id.loa.hisec",
"iat" : 1311280970,
"exp" : 1311281970
}
来源:https://stackoverflow.com/questions/13875366/what-is-id-token-google-oauth