ID tokens
The ID token is a JSON Web Token (JWT) that contains user profile information, such as the user's name, email, and so on, represented in the form of claims. These claims are statements about the user. The consumer of the token can trust them only after it has verified the token signature against the issuer's published key and checked that the token was issued by the expected issuer (iss), is intended for this client (aud), and is still valid (exp).
An ID token is part of the OpenID Connect specification and is issued as a result of a valid authorization request with an openid scope. For more information, see OpenID Connect.
Example ID token
A JWT contains three sections: a header, a payload, and a signature, each base64url-encoded and joined with dots. Only the decoded header and payload sections are shown in the following example.
Header example
{
"kid": "f463bf2c-81a6-4979-82a5-aa5d032b6fe5",
"alg": "RS256"
}
Payload example
{
"at_hash": "VoF7cDD8ojOOHC_0qpYrAw",
"sub": "1c0e2c84-b05f-4c23-9175-c238f70901be",
"email_verified": true,
"gender": "male",
"iss": "https://tenant.onewelcome.io/oauth",
"preferred_username": "John Doe",
"given_name": "John",
"locale": "en",
"aud": [
"client_id",
"https://resource-server.example.com"
],
"name": "John Doe",
"nickname": "Johnny",
"exp": 1537362840,
"iat": 1537359240,
"family_name": "Doe",
"email": "john.doe@example.com"
}
ID token claims
The payload contains a number of claims. A claim is a piece of information that is asserted about an entity. An entity in this context can be a person, but also other things like servers. An ID token can contain different types of claims:
- Claims that tell something about the origin, authenticity, and validity of the ID token.
- Claims that tell something about the identity of the user for whom this ID token was created.
The ID token contains different user-related claims depending on the scopes that the application (Relying Party) requested during the authorization request. For information about the possible claims that an ID token can contain, see OpenID Connect.
The following table provides descriptions for the generic claims that are in the ID token, regardless of the scopes that have been requested.
Claim | Description |
---|---|
at_hash | Hash of the access token that was issued together with this ID token. The Relying Party can recompute it from the access token it received to confirm that the two tokens belong to the same response. The exact construction is defined in the OpenID Connect Core specification. |
iss | The issuer of this ID token. This is always the OneWelcome Identity Platform. |
aud | The audience for which this ID token is intended. The Relying Party client ID that requested this ID token is always included in the audience. aud is either a single string or, as in the example above, an array of audiences. |
sub | The identifier of the user that this ID token represents. |
urn:onegini.com:oidc:group_policies | User's policies and group memberships. Requires configuration of the delegated administration. |
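As an added example (not part of the OneWelcome documentation or platform code), the following Python shows the checks a Relying Party performs on the generic claims above before trusting an ID token: it splits the compact JWT, pins the algorithm, selects the key by kid, verifies the signature through a pluggable verifier, and then validates iss, aud, exp/iat and at_hash. The demo token, the JWKS dictionary, the access token and the placeholder signature routine are constructed for this example only; in production the verify_signature callable would be an RSA verifier from a JOSE library (for example PyJWT) using the issuer's published JWKS.

```python
import base64
import hashlib
import json
import time


class IdTokenError(Exception):
    """Raised when an ID token fails any validation step."""


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def compute_at_hash(access_token: str) -> str:
    """at_hash for RS256: base64url of the left-most 128 bits of
    SHA-256 over the ASCII access token (OpenID Connect Core 3.1.3.6)."""
    digest = hashlib.sha256(access_token.encode("ascii")).digest()
    return b64url_encode(digest[: len(digest) // 2])


def split_jwt(token: str):
    """Decode the three dot-separated sections of a compact JWT."""
    parts = token.split(".")
    if len(parts) != 3:
        raise IdTokenError("ID token is not a three-part JWT")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    signing_input = (parts[0] + "." + parts[1]).encode("ascii")
    return header, payload, signing_input, b64url_decode(parts[2])


def validate_id_token(token, *, issuer, client_id, jwks, verify_signature,
                      access_token=None, now=None, leeway=60):
    header, payload, signing_input, signature = split_jwt(token)

    # 1. Pin the algorithm and select the key by kid. The token's own "alg"
    #    must never choose the verification method.
    if header.get("alg") != "RS256":
        raise IdTokenError(f"unexpected alg {header.get('alg')!r}")
    key = jwks.get(header.get("kid"))
    if key is None:
        raise IdTokenError(f"unknown kid {header.get('kid')!r}")
    if not verify_signature(key, signing_input, signature):
        raise IdTokenError("signature verification failed")

    # 2. Origin: iss must match the expected issuer exactly.
    if payload.get("iss") != issuer:
        raise IdTokenError(f"unexpected iss {payload.get('iss')!r}")

    # 3. Audience: aud is a string or a list; our client_id must be in it.
    aud = payload.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in audiences:
        raise IdTokenError(f"client_id not in aud {audiences!r}")

    # 4. Validity window, allowing a small clock skew.
    now = time.time() if now is None else now
    if now > payload.get("exp", 0) + leeway:
        raise IdTokenError("ID token has expired")
    if payload.get("iat", 0) > now + leeway:
        raise IdTokenError("ID token issued in the future")

    # 5. Bind the ID token to the access token returned alongside it.
    if access_token is not None and payload.get("at_hash") != compute_at_hash(access_token):
        raise IdTokenError("at_hash does not match the access token")
    return payload


# --- Constructed demo data (assumptions for this example, not real keys) ---
DEMO_KID = "f463bf2c-81a6-4979-82a5-aa5d032b6fe5"
DEMO_ISSUER = "https://tenant.onewelcome.io/oauth"
DEMO_CLIENT_ID = "client_id"
DEMO_ACCESS_TOKEN = "demo-access-token"
DEMO_JWKS = {DEMO_KID: "demo-public-key-placeholder"}


def demo_verify_signature(key, signing_input, signature):
    """Placeholder standing in for RSA PKCS#1 v1.5 verification: it only
    checks that the signature is bound to the exact signing input."""
    return signature == hashlib.sha256(b"demo:" + signing_input).digest()


def make_demo_token(now=1537359240, **overrides):
    """Build an unsigned-in-earnest demo token shaped like the page's example."""
    header = {"kid": DEMO_KID, "alg": "RS256"}
    payload = {"iss": DEMO_ISSUER, "sub": "1c0e2c84-b05f-4c23-9175-c238f70901be",
               "aud": [DEMO_CLIENT_ID, "https://resource-server.example.com"],
               "iat": now, "exp": now + 3600,
               "at_hash": compute_at_hash(DEMO_ACCESS_TOKEN)}
    payload.update(overrides)
    h = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hashlib.sha256(b"demo:" + (h + "." + p).encode("ascii")).digest()
    return ".".join([h, p, b64url_encode(sig)])


if __name__ == "__main__":
    claims = validate_id_token(make_demo_token(), issuer=DEMO_ISSUER,
                               client_id=DEMO_CLIENT_ID, jwks=DEMO_JWKS,
                               verify_signature=demo_verify_signature,
                               access_token=DEMO_ACCESS_TOKEN, now=1537359300)
    print("trusted claims for sub", claims["sub"])
```

The order matters: signature verification comes first so that nothing in the payload is consulted before its authenticity is established, and the algorithm is pinned rather than read from the header so a token claiming "alg": "none" or an HMAC algorithm is rejected outright.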