ID Token
- is a JSON Web Token (JWT) that contains claims about the authentication of an End-User and their identity. It may optionally contain other data about the End-User.
ID Token - Structure
The claims are represented in a simple JSON object, e.g.:
{
"iss": "https://server.example.com",
"sub": "24400320",
"aud": "s6BhdRkqt3",
"nonce": "n-0S6_WzA2Mj",
"exp": 1311281970,
"iat": 1311280970,
"auth_time": 1311280969,
"acr": "urn:mace:incommon:iap:silver"
}
As a minimum, the ID Token will contain the following claims:

| Claim | Name | Description |
|---|---|---|
| iss | Issuer Identifier | An identifier for the OpenID Provider. |
| sub | Subject Identifier | A unique identifier for the End-User. |
| aud | Audience(s) | The identifier of the Relying Party and any other parties intended as a recipient. |
| exp | Expiration | The time on or after which the ID Token must not be accepted for processing. |
| iat | Issuance Time | The time at which the JWT was issued. |

The JSON Object is either:
- signed using JSON Web Signature (JWS)
- signed using JSON Web Signature (JWS) and then encrypted using JSON Web Encryption (JWE)