I am testing to understand and implement a user authorization system through the use of Json Web Token .
Looking for information about the configuration of a token, I have a couple of doubts about the use of two Claims of the Payload, the Sub and the Aud.
{
"iss": "www.miweb.com", // emisor
"iat": 1455550200, // emitido en
"exp": 1455559810, // expira
"nbf": 1455550260, // no usar antes de
"jti": "31d6cfe0d16ae931b73c59d7e0c089c0", // id único
"sub": "", // ¿asunto?
"aud": "", // ¿?
"data": {/* datos anexos */}
}
From what I have observed, these two claims are rarely used. My question then is:
In what scenario can it be used and for what purpose?
Thanks in advance, Regards
PS: The same question is on StackOverflow: https://stackoverflow.com/q/37634140/6272471