IdToken
The ID Token object as per the OpenID Connect specification. See:https://openid.net/specs/openid-connect-core-1_0.html#IDToken
{
"signature": "string",
"name": "string",
"locale": "\"en_US\"",
"customClaims": {
"customClaims": {}
},
"nonce": "string",
"email": "string",
"expired": false,
"jwsHeader": {
"typ": "string",
"alg": "string",
"kid": "string",
"jku": "string",
"jwk": "string",
"x5u": "string",
"x5t": "string",
"x5c": "string"
},
"iat": 1539988834,
"aud": [
"\"MyOAuth2Client@e9d80cec-4e12-4970-828d-ae4557e33174\""
],
"auth_time": 1539988834,
"acr": "string",
"azp": "\"MyOAuth2Client@e9d80cec-4e12-4970-828d-ae4557e33174\"",
"at_hash": "string",
"c_hash": "string",
"given_name": "string",
"family_name": "string",
"email_verified": false,
"updated_at": 1539988834,
"group_names": [
"string"
],
"group_ids": [
"string"
],
"subject": "\"exampleuser@TENANT\"",
"phone_number": "string",
"sub": "\"exampleuser@TENANT\"",
"iss": "\"https://acme.vmwareidentity.com/acs\"",
"exp": 1539988834
}
signature
End-User's full name in displayable form
End-User's locale.
customClaims
String value used to associate a Client session with an ID Token. The value is passed through unmodified from the Authentication Request to the ID Token.
End-User's preferred e-mail address.
expired
Time at which the JWT was issued. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
Audience(s) that this ID Token is intended. The audience value is the OAuth 2.0 client_id of the Relying Party
Time when the End-User authentication occurred. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
Authentication Context used to authenticate the user
Authorized party - the party to which the ID Token was issued. Contains the OAuth 2.0 Client ID of this party.
Access Token hash value. Base 64 URL encoded value.
Hash of the Access Code. Base 64 URL encoded value. Returned when the ID Token is issued from the Authorization Endpoint with a "code" or "code id_token", or "code id_token token" as the response type.
Given name(s) or first name(s) of the End-User.
Surname(s) or last name(s) of the End-User.
email_verified
Time the End-User's information was last updated. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
Name of all the groups user belongs to
Ids of all the groups user belongs to
Same as Subject Identifier. Maintained to provide backward compatibility with SAAS
End-User's preferred telephone number.
Subject Identifier. The Subject for whom the ID Token is issued.
The identifier for the authority that issued the token.
Expiration time on or after which the ID Token MUST NOT be accepted for processing. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.