IdToken
The ID Token object as per the OpenID Connect specification. See: https://openid.net/specs/openid-connect-core-1_0.html#IDToken
{
  "signature": "string",
  "name": "string",
  "locale": "en_US",
  "customClaims": {
    "customClaims": {}
  },
  "nonce": "string",
  "email": "string",
  "expired": false,
  "jwsHeader": {
    "typ": "string",
    "alg": "string",
    "kid": "string",
    "jku": "string",
    "jwk": "string",
    "x5u": "string",
    "x5t": "string",
    "x5c": "string"
  },
  "subject": "exampleuser@TENANT",
  "phone_number": "string",
  "azp": "MyOAuth2Client@e9d80cec-4e12-4970-828d-ae4557e33174",
  "acr": "string",
  "at_hash": "string",
  "c_hash": "string",
  "email_verified": false,
  "updated_at": 1539988834,
  "group_ids": [
    "string"
  ],
  "iat": 1539988834,
  "auth_time": 1539988834,
  "aud": [
    "MyOAuth2Client@e9d80cec-4e12-4970-828d-ae4557e33174"
  ],
  "group_names": [
    "string"
  ],
  "family_name": "string",
  "given_name": "string",
  "iss": "\"https://acme.vmwareidentity.com/acs\"",
  "sub": "exampleuser@TENANT",
  "user_name": "string",
  "roles": [
    {
      "name": "admin",
      "resources": [
        "string"
      ],
      "_links": {
        "self": {
          "href": "https://example.com/path-to-self"
        }
      },
      "display_name": "Administrator",
      "membership_type": [
        "DIRECT",
        "GROUP"
      ],
      "group_ids": [
        "groupId1",
        "groupId2"
      ],
      "sub_roles": [
        {
          "type": "nsx",
          "names": [
            {
              "name": "moderator",
              "display_name": "Moderator"
            }
          ],
          "_links": {
            "self": {
              "href": "https://example.com/path-to-self"
            }
          }
        }
      ],
      "expires_at": 1700000000000
    }
  ],
  "oid": "string",
  "exp": 1539988834
}
signature
name: The end-user's full name in displayable form
locale: The locale of the end-user
customClaims
nonce: String value used to associate a Client session with an ID Token. The value is passed through unmodified from the Authentication Request to the ID Token.
email: The end-user's preferred e-mail address
expired
subject: This is the same as the subject identifier. It is maintained to provide backward compatibility with SAAS.
phone_number: The end-user's preferred telephone number
azp: Authorized party - the party to which the ID Token was issued. Contains the OAuth 2.0 Client ID of this party.
acr: The authentication context used to authenticate the user
at_hash: The access token hash value. Base64url-encoded value.
c_hash: The hash of the access code. Base64url-encoded value. Returned when the ID Token is issued from the Authorization Endpoint with "code", "code id_token", or "code id_token token" as the response type.
email_verified: The verified e-mail address of the end-user
updated_at: The time the end-user's information was last updated. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
group_ids: The IDs of all groups the user belongs to
iat: The time at which the JWT was issued. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
auth_time: The time when the end-user authentication occurred. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
aud: The audience(s) that this ID Token is intended for. The audience value is the OAuth 2.0 client_id of the Relying Party.
group_names: The names of all groups the user belongs to
family_name: The surname(s) or last name(s) of the end-user
given_name: The given name(s) or first name(s) of the end-user
iss: The identifier for the authority that issued the token
sub: The subject identifier of the subject for whom the ID Token is issued.
user_name: Get the name of the user
oid: Get the oid of the user
exp: The expiration time on or after which the ID Token MUST NOT be accepted for processing. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
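A relying party that receives this object still has to check the claims against its own request. The following is an added example, not code from this API or its vendor: `check_id_token` and `left_half_hash` are hypothetical names, the sample values are constructed from the schema above, and the at_hash rule (left-most half of the hash named by the JWS alg) follows OpenID Connect Core section 3.1.3.6. It assumes the JWS signature has already been verified.

```python
import base64
import hashlib
import hmac
import time

# JWS "alg" suffix -> hash used for at_hash / c_hash (OpenID Connect Core 3.1.3.6)
_HASHES = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}

def left_half_hash(value, alg):
    """base64url (unpadded) of the left-most half of hash(value)."""
    digest = _HASHES[alg[-3:]](value.encode("ascii")).digest()  # unknown alg -> KeyError
    return base64.urlsafe_b64encode(digest[:len(digest) // 2]).rstrip(b"=").decode()

def _same(a, b):
    # Constant-time comparison; a missing claim (None) never matches.
    return a is not None and hmac.compare_digest(str(a).encode(), str(b).encode())

def check_id_token(claims, alg, issuer, client_id, nonce, access_token=None,
                   now=None, leeway=60):
    """Return the list of failed claims; an empty list means acceptable.
    Assumes the JWS signature was already verified against the issuer's keys."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss")
    aud = claims.get("aud") or []
    aud = [aud] if isinstance(aud, str) else aud
    if client_id not in aud:
        problems.append("aud")
    azp = claims.get("azp")  # required when there is more than one audience
    if (azp is not None or len(aud) > 1) and azp != client_id:
        problems.append("azp")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp + leeway:
        problems.append("exp")
    if not _same(claims.get("nonce"), nonce):  # nonce sent in the auth request
        problems.append("nonce")
    if access_token is not None and not _same(
            claims.get("at_hash"), left_half_hash(access_token, alg)):
        problems.append("at_hash")
    return problems

# Constructed sample, reusing the field values shown in the schema above.
CLIENT = "MyOAuth2Client@e9d80cec-4e12-4970-828d-ae4557e33174"
ISSUER = "https://acme.vmwareidentity.com/acs"
SAMPLE = {"iss": ISSUER, "sub": "exampleuser@TENANT", "aud": [CLIENT], "azp": CLIENT,
          "iat": 1539988834, "exp": 1539988834 + 3600, "nonce": "n-constructed",
          "at_hash": left_half_hash("constructed-access-token", "RS256")}
```

Passing `access_token` makes `at_hash` mandatory, which suits flows where the ID Token and access token arrive together.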