What do all these fields mean?

Time: 2015-06-25 16:59:01

Tags: oauth google-api google-oauth

For cross-platform authentication, you can use GoogleApiClient to get an ID token from your Android app, which you can then pass to your backend server. The server will then first validate the token using the following URL:

If the token is properly signed and the iss and exp claims have the expected values, you will receive an HTTP 200 response whose body contains the ID token claims in JSON format. Here is an example response:

{
 "iss": "https://accounts.google.com",
 "sub": "110169484474386276334",
 "azp": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
 "email": "billd1600@gmail.com",
 "at_hash": "X_B3Z3Fi4udZ2mf75RWo3w",
 "email_verified": "true",
 "aud": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
 "iat": "1433978353",
 "exp": "1433981953"
}

Apart from email, what do all these fields mean?

1 answer:

Answer 0: (score: 6)

Claims contain a set of name/value pairs:

  1. iss: The issuer of the token
  2. sub: The subject of the token. An identifier for the user, unique among all Google accounts and never reused.
  3. azp: The client_id of the authorized presenter.
  4. at_hash: Access token hash. Provides validation that the access token is tied to the identity token.
  5. email_verified: True if the user's e-mail address has been verified; otherwise false.
  6. aud: Identifies the audience that this ID token is intended for. It must be one of the OAuth 2.0 client IDs of your application.
  7. iat: The time the ID token was issued, represented in Unix time (integer seconds).
  8. exp: The time the ID token expires, represented in Unix time (integer seconds).

See: https://developers.google.com/identity/protocols/OpenIDConnect for more details.
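
The following is an added example, not part of the original question or answer: a sketch of how a backend might check the claims from the sample response above once the validation endpoint has returned them. The names `check_claims`, `ClaimError` and `my_client_ids` are hypothetical, and the two accepted issuer strings are an assumption taken from Google's OpenID Connect documentation.

```python
import time

# Issuer values Google documents for ID tokens (assumption, see lead-in).
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}

# Sample response copied from the question above.
SAMPLE_CLAIMS = {
    "iss": "https://accounts.google.com",
    "sub": "110169484474386276334",
    "azp": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
    "email": "billd1600@gmail.com",
    "at_hash": "X_B3Z3Fi4udZ2mf75RWo3w",
    "email_verified": "true",
    "aud": "1008719970978-hb24n2dstb40o45d4feuo2ukqmcc6381.apps.googleusercontent.com",
    "iat": "1433978353",
    "exp": "1433981953",
}


class ClaimError(ValueError):
    """Raised when a claim does not have the value this backend expects."""


def check_claims(claims, my_client_ids, now=None, require_verified_email=True):
    """Return the stable user id (sub) if the claims are acceptable."""
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise ClaimError("unexpected issuer")
    # aud must be one of *our* client IDs; otherwise the token was issued
    # for some other application and must not be accepted here.
    if claims.get("aud") not in my_client_ids:
        raise ClaimError("token was issued for a different audience")
    # azp is optional; when present it names the client that requested the token.
    if "azp" in claims and claims["azp"] not in my_client_ids:
        raise ClaimError("unexpected authorized presenter")
    # The sample response carries numbers and booleans as strings, so convert.
    try:
        exp = int(claims["exp"])
    except (KeyError, ValueError):
        raise ClaimError("missing or malformed exp")
    if exp <= now:
        raise ClaimError("token expired")
    if require_verified_email and str(claims.get("email_verified")).lower() != "true":
        raise ClaimError("email not verified")
    if not claims.get("sub"):
        raise ClaimError("missing sub")
    return claims["sub"]  # key user records on sub, not on email
```

The function returns `sub` because, as the answer notes, it is unique and never reused, which makes it a safer primary key for the user record than the email address.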