Overview#Sub (for Subject) is a Claim used in various Tokens OpenID Connect Identity Token Sub is a Subject Identifier is a locally unique and never re-assigned identifier within the Issuer for the Authenticated Entity, which is intended to be consumed by the OAuth Client. Two Subject Identifier types are defined by OpenID Connect:
- public - provides the same sub (subject) value to all OAuth Client. It is the default if the provider has no subject_types_supported element in its discovery document.
- pairwise - provides a different Sub value to each OAuth Client, so as not to enable OAuth Client to correlate the End-User's activities without permission.
Sub MUST NOT exceed 255 ASCII characters in length.
Sub Sub value is a Case-sensitive string.Reserved Claim Name identifies the principal that is the subject of the JSON Web Token.
More Information#There might be more information for this subject on one of the following:
- Act (Actor) Claim
- Apple ID
- Authentication Request
- FLAIM Block Cache
- FLAIM Entry Cache
- Identity Token
- Identity Token Claims
- JSON Web Token Claims
- JSON Web Tokens
- Logout Token
- May_act (May Act For) Claim
- OAuth Scope Example
- OpenID Connect Back-Channel Logout
- OpenID Connect Federation
- OpenID Connect Standard Claims
- Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)
- Reserved Claim Name
- Self-Issued OpenID Provider
- UserInfo Response
- Web Blog_blogentry_031017_1
- Web Blog_blogentry_300717_1