sub
Registry Context
The `sub` claim identifies the principal that is the subject of the JWT. It is optional. When present, its value must be locally unique within the issuer's context or globally unique.
Technical Summary
RFC 7519 Section 4.1.2 defines `sub` as a case-sensitive StringOrURI value identifying the principal that is the subject of the JWT. Its value must be scoped to be locally unique in the issuer's context or be globally unique. Use of the claim is optional.
When Used
When a JWT needs to identify the principal that is the subject of the token.
Normative Requirements
Unspecified actor
RFC 7519 - Section 4.1.2
The subject value must either be scoped to be locally unique in the context of the issuer or be globally unique..
Condition: When the `sub` claim is used.
The subject value MUST either be scoped to be locally unique in the context of the issuer or be globally unique.
RFC 7519 - Section 4.1.2
Include the `sub` claim..
Use of this claim is OPTIONAL.
Validation Guidance
If `sub` is present, verify that its value is scoped to be locally unique in the issuer's context or is globally unique.
If `sub` is present, verify that it is a case-sensitive string containing a StringOrURI value.
Allow the `sub` claim to be absent.
Reference
Details
- Entry Id
sub- Claim Name
sub- Claim Description
Subject- Change Controller
IESG- Reference
RFC7519 - Section 4.1.2