IdToken

IdToken
IdToken

The ID Token object as per the OpenID Connect specification. See:https://openid.net/specs/openid-connect-core-1_0.html#IDToken

JSON Example
{
    "signature": "string",
    "nonce": "string",
    "name": "string",
    "locale": "\"en_US\"",
    "email": "string",
    "expired": false,
    "jwsHeader": {
        "typ": "string",
        "alg": "string",
        "kid": "string",
        "jku": "string",
        "jwk": "string",
        "x5u": "string",
        "x5t": "string",
        "x5c": "string"
    },
    "given_name": "string",
    "family_name": "string",
    "at_hash": "string",
    "azp": "\"MyOAuth2Client@e9d80cec-4e12-4970-828d-ae4557e33174\"",
    "exp": 1539988834,
    "group_names": [
        "string"
    ],
    "subject": "\"exampleuser@TENANT\"",
    "group_ids": [
        "string"
    ],
    "c_hash": "string",
    "email_verified": false,
    "acr": "string",
    "phone_number": "string",
    "aud": [
        "MyOAuth2Client@e9d80cec-4e12-4970-828d-ae4557e33174"
    ],
    "updated_at": 1539988834,
    "iat": 1539988834,
    "auth_time": 1539988834,
    "iss": "\"https://acme.vmwareidentity.com/acs\"",
    "sub": "\"exampleuser@TENANT\""
}
string
signature
Optional

signature

object
customClaims
Optional

customClaims

string
nonce
Optional

String value used to associate a Client session with an ID Token. The value is passed through unmodified from the Authentication Request to the ID Token.

string
name
Optional

End-User's full name in displayable form

string
locale
Optional

End-User's locale.

string
email
Optional

End-User's preferred e-mail address.

boolean
expired
Optional

expired

JWSHeader
jwsHeader
Optional

jwsHeader

string
given_name
Optional

Given name(s) or first name(s) of the End-User.

string
family_name
Optional

Surname(s) or last name(s) of the End-User.

string
at_hash
Optional

Access Token hash value. Base 64 URL encoded value.

string
azp
Optional

Authorized party - the party to which the ID Token was issued. Contains the OAuth 2.0 Client ID of this party.

integer As int64 As int64
exp
Optional

Expiration time on or after which the ID Token MUST NOT be accepted for processing. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.

array of string
group_names
Optional

Name of all the groups user belongs to

string
subject
Required

Same as Subject Identifier. Maintained to provide backward compatibility with SAAS

array of string
group_ids
Optional

Ids of all the groups user belongs to

string
c_hash
Optional

Hash of the Access Code. Base 64 URL encoded value. Returned when the ID Token is issued from the Authorization Endpoint with a "code" or "code id_token", or "code id_token token" as the response type.

boolean
email_verified
Optional

email_verified

string
acr
Optional

Authentication Context used to authenticate the user

string
phone_number
Optional

End-User's preferred telephone number.

array of string
aud
Optional

Audience(s) that this ID Token is intended. The audience value is the OAuth 2.0 client_id of the Relying Party

integer As int64 As int64
updated_at
Optional

Time the End-User's information was last updated. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.

integer As int64 As int64
iat
Optional

Time at which the JWT was issued. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.

integer As int64 As int64
auth_time
Optional

Time when the End-User authentication occurred. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.

string
iss
Optional

The identifier for the authority that issued the token.

string
sub
Required

Subject Identifier. The Subject for whom the ID Token is issued.

Returned By