I am building a .NET Core app and I am trying to fully understand the concept of Principal. From what I have read, a Principal is a combination of a user with its respective roles. So I thought: when I try to authenticate myself on an API using a JWT, for example, the principal would be my username and roles that I send to this API via the JWT.

But then I was reading about the "audience" part of a JWT, and I found this:

Audience: Identifies the recipients that the JWT is intended for. Each principal intended to process the JWT must identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the aud claim when this claim is present, then the JWT must be rejected.

What I didn't understand is how the Principal would process the JWT, since it is something related to the user, or the client side? Is the Principal something located on the server side? Or what did I get wrong?
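
The audience rule quoted in the question, shown from the side of the API that receives the token. This is an added example, not part of the original post, written with the Python standard library only; the key, user, role and audience names are constructed, and rejecting a token without `exp` is an assumption of the example.

```python
import base64, hashlib, hmac, json, time

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims: dict, key: bytes) -> str:
    """Issuer side: sign the claims as an HS256 JWT."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def accept(token: str, key: bytes, my_audience: str) -> dict:
    """Recipient side: check signature, expiry, then the aud rule."""
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims.get("exp", 0) <= time.time():
        raise ValueError("expired or missing exp")  # assumption: exp is required
    aud = claims.get("aud")
    if aud is not None:
        # aud is either one string or an array of strings (RFC 7519).
        audiences = [aud] if isinstance(aud, str) else aud
        if my_audience not in audiences:
            raise ValueError(f"token is not for {my_audience!r}")
    return claims  # the user name and roles the API acts on

# Constructed sample values: key, names and audiences are made up.
KEY = b"constructed-demo-key-not-a-real-secret"
TOKEN = issue({"sub": "alice", "roles": ["admin"], "aud": "orders-api",
               "exp": int(time.time()) + 300}, KEY)

if __name__ == "__main__":
    print(accept(TOKEN, KEY, "orders-api"))   # accepted by the intended API
    try:
        accept(TOKEN, KEY, "billing-api")     # a different API rejects it
    except ValueError as err:
        print("rejected:", err)
```
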

