Overview#
Sub (for Subject) is a Claim used in various TokensOpenID Connect Identity Token#
OpenID Connect Identity Token Sub is a Subject Identifier is a locally unique and never re-assigned identifier within the Issuer for the Authenticated Entity, which is intended to be consumed by the OAuth Client. Two Subject Identifier types are defined by OpenID Connect:- public - provides the same sub (subject) value to all OAuth Client. It is the default if the provider has no subject_types_supported element in its discovery document.
- pairwise - provides a different Sub value to each OAuth Client, so as not to enable OAuth Client to correlate the End-User's activities without permission.
Sub MUST NOT exceed 255 ASCII characters in length.
Sub Sub value is a Case-sensitive string.
JSON Web Token#
The "sub" (subject) OPTIONAL Reserved Claim Name identifies the principal that is the subject of the JSON Web Token.The JSON Web Token Claim in a JWT are normally statements about the subject.
The subject value MUST either be scoped to be locally unique in the context of the JSON Web Token issuer or be Global unique.
The processing of this JSON Web Token Claim is generally application specific.
The "Sub" value is a Case-sensitive string containing a StringOrURI value.
More Information#
There might be more information for this subject on one of the following:- Act (Actor) Claim
- Apple ID
- Authentication Request
- Claim
- FLAIM Block Cache
- FLAIM Entry Cache
- Identity Token
- Identity Token Claims
- JSON Web Token Claims
- JSON Web Tokens
- Logout Token
- May_act (May Act For) Claim
- OAuth Scope Example
- OpenID Connect Back-Channel Logout
- OpenID Connect Claims
- OpenID Connect Federation
- OpenID Connect Standard Claims
- Prn
- Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)
- Reserved Claim Name
- Self-Issued OpenID Provider
- Subject
- UserInfo Response
