Can an OIDC JWT identity claim (such as phone number or email) be multiple?

Is an OIDC JWT payload like this valid?

```
{
   "sub"                     : "alice",
   "email"                   : ["alice@wonderland.net", "alice@wherever.com"],
   ...
}
```

Reading the official RFC, I could only find that the keys (`sub`, `email`, etc.) must be unique, but nothing about the values.

The `email` claim must be a string. So an array is not a valid value, according to the OpenID Connect Core 1.0 spec (formatting is mine):

email
string

End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 addr-spec syntax. The RP MUST NOT rely upon this value being unique, as discussed in Section 5.7.

In RFC 5322, the addr-spec syntax is defined as follows:

An addr-spec is a specific Internet identifier that contains a locally interpreted string followed by the at-sign character (@, ASCII value 64) followed by an Internet domain. [...]

```
addr-spec       =   local-part "@" domain

local-part      =   dot-atom / quoted-string / obs-local-part

domain          =   dot-atom / domain-literal / obs-domain

domain-literal  =   [CFWS] "[" *([FWS] dtext) [FWS] "]" [CFWS]

dtext           =   %d33-90 /          ; Printable US-ASCII
                    %d94-126 /         ;  characters not including
                    obs-dtext          ;  "[", "]", or "\"
```
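
A relying-party check for the rule described in the answer, as an added example that is not part of the original answer: it rejects a non-string `email` claim and tests the value against the addr-spec grammar. The function names are hypothetical, quoted-string and obsolete (`obs-*`) forms are rejected as a simplifying assumption, and signature verification is assumed to happen elsewhere.

```python
import base64
import json
import re
from typing import Optional

# dot-atom-text (RFC 5322 section 3.2.3): 1*atext *("." 1*atext)
_ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_DOT_ATOM = rf"{_ATEXT}(?:\.{_ATEXT})*"
# domain-literal with CFWS/FWS omitted; dtext = %d33-90 / %d94-126
_DOMAIN_LITERAL = r"\[[\x21-\x5a\x5e-\x7e]*\]"
# Assumption: quoted-string and obs-* forms are rejected (stricter than the RFC).
ADDR_SPEC = re.compile(rf"{_DOT_ATOM}@(?:{_DOT_ATOM}|{_DOMAIN_LITERAL})")


def decode_payload(jwt: str) -> dict:
    """Return the claims object of a compact JWT. Does NOT verify the signature."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("claims set is not a JSON object")
    return claims


def check_email_claim(claims: dict) -> Optional[str]:
    """Return the email claim, or None if absent; raise on wrong type or syntax."""
    if "email" not in claims:
        return None
    email = claims["email"]
    if not isinstance(email, str):
        raise TypeError(f"email must be a JSON string, got {type(email).__name__}")
    if not ADDR_SPEC.fullmatch(email):
        raise ValueError("email is not an RFC 5322 addr-spec")
    return email


def make_sample_token(claims: dict) -> str:
    """Build a constructed token with a placeholder signature, for the demo only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.placeholder-signature"


# Constructed sample: the payload from the question, with the array-valued email.
SAMPLE_TOKEN = make_sample_token(
    {"sub": "alice", "email": ["alice@wonderland.net", "alice@wherever.com"]})
```

Calling `check_email_claim(decode_payload(SAMPLE_TOKEN))` raises `TypeError`, so the array never reaches code that expects a single address.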