概述
Casdoor是基于OAuth构建的,并使用令牌作为用户的OAuth令牌。
Access Token and ID Token
In Casdoor, the access_token and id_token are identical. Both tokens contain the same JWT payload with user information and claims. This is a design choice in Casdoor that simplifies token management.
This approach means:
- Both tokens contain the same user information and custom claims
- Both tokens can be used interchangeably for authentication and authorization
- The token format and expiration settings apply to both tokens equally
- You cannot configure separate claims for
access_tokenandid_token
Token Fields
以下是Casdoor中可用的令牌字段:
OwnerNameCreatedTimeApplicationOrganizationUserCodeAccessTokenExpireIn(令牌将在几小时后过期)Scope(授权范围)TokenType(例如,Bearer类型)
登录应用程序后,有三种生成JWT令牌的选项:
JWTJWT-EmptyJWT-CustomJWT-Standard
选项如下:JWT将生成一个包含所有用户字段的令牌,JWT-Empty将生成一个包含用户所有非空值的令牌,而JWT-Custom将生成一个包含自定义用户令牌字段的令牌(您可以在令牌字段中选择属性)。 JWT-Standard will generate a token with some standard OIDC token fields include email, phone, gender and Address (Address value in other format is not standard).
