When a user logs in, UAA issues a token to the client. The token is a JSON Web Token (JWT).
For details on JWT, see: http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-25
It looks like this:
eyJhbGciOiJIUzI1NiJ9. ...
Decode the token with uaac:
$ uaac token decode eyJhbGciOiJIUzI1NiJ9. ...
Note: no key given to validate token signature
jti: f77b551f-6556-4b7f-a716-d82325142382 # JWT ID, a unique ID, used to prevent replay attacks
sub: 34cbdf0c-3a77-4671-8e25-5adeb0a64de0 # Subject, usually locally unique or globally unique
scope: cloud_controller.admin cloud_controller.read cloud_controller.write openid password.write # the scopes the user has authorized
client_id: cf
cid: cf # ?
grant_type: password # grant type
user_id: 34cbdf0c-3a77-4671-8e25-5adeb0a64de0
user_name: admin
email: admin@cf.com
iat: 1413366589 # Issued At, the time the JWT was issued
exp: 1413367189 # Expiration Time, the time the JWT expires
iss: http://uaa.cf.com/oauth/token # Issuer, the issuing authority
aud: openid cloud_controller password # Audience, the recipients the token is issued to
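The line "Note: no key given to validate token signature" in the uaac output means the claims above were only decoded, not verified. The following is an added example (not from the original page and not UAA's or uaac's code) of what a resource server has to check before trusting those claims, for an HS256 token like the one above. The signing key and the token are constructed for the demo, and representing `aud` as a JSON array is an assumption.

```python
import base64, hashlib, hmac, json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def mac_hs256(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a constructed token so the example runs offline."""
    header = b64url_encode(b'{"alg":"HS256"}')
    body = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{body}." + b64url_encode(mac_hs256(f"{header}.{body}", key))

def verify_hs256(token, key, issuer, audience, now):
    """Return the claims only if alg, signature, iss, aud and exp all check out."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token's own header choose (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time comparison over header.payload exactly as received.
    if not hmac.compare_digest(mac_hs256(f"{header_b64}.{body_b64}", key), sig):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))  # trusted only from here on
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud", [])
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired")
    return claims

KEY = b"constructed-demo-key"  # constructed; not a real UAA signing key
CLAIMS = {"iss": "http://uaa.cf.com/oauth/token", "user_name": "admin",
          "aud": ["openid", "cloud_controller", "password"],  # assumed JSON array
          "iat": 1413366589, "exp": 1413367189}  # iss/aud/iat/exp as in the output above
TOKEN = sign_hs256(CLAIMS, KEY)  # constructed token, not the one from the page
```

Note that `exp - iat` in the decoded output is 600 seconds, so a verifier that skips the `exp` check would keep accepting a token long after the intended ten-minute lifetime.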