Check ID Token

Check ID Token

Display the content of the given ID token with expanded claims if the token is valid.
If the token is invalid or expired, an error will be returned.
This endpoint should be used to expand the overflow claims in the ID token, if any (like the 'group_names' and 'group_ids' claim).
Even though this endpoint can also be used to validate an ID token, it is expected that the client validates an ID token locally instead.

Request
URI
GET
https://sc2-10-185-6-200.eng.vmware.com//oauth/check_id_token
COPY
Header Parameters
string
Authorization
Required

ID token in Bearer Authentication format i.e. 'Bearer XXX' where XXX is the content of an ID token

Authorization example 
Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiYXQ6YWIyOTMxMTQtYzE1OC00OGZkLWE2NjAtZmMxNTc0NzNhMDAxIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsIm92bCI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9hcGkvY2hlY2tfaWRfdG9rZW4iLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAiLCJjb250ZXh0X25hbWUiOiJkZWZhdWx0IiwiZ2l2ZW5fbmFtZSI6ImxvY2FsVXNlcjEwIiwiYXVkIjpbImdhei1iYXQiXSwiYXV0aF90aW1lIjoxNTM3MjYyOTY0LCJkb21haW4iOiJTeXN0ZW0gRG9tYWluIiwiY29udGV4dCI6ImEzZTVmNzMzLTlkN2MtNGVkZi05YjRhLTczMDg5YTk4NWEyYiIsImV4cCI6MTUzNzI5MDU0MywiaWF0IjoxNTM3MjY4OTQzLCJmYW1pbHlfbmFtZSI6IjEwIiwib3ZjIjpbImdyb3VwX25hbWVzIiwiZ3JvdXBfaWRzIl0sImVtYWlsIjoibG9jYWxVc2VyMTBAZGlzcG9zdGFibGUuY29tIiwidXNlcm5hbWUiOiJsb2NhbFVzZXIxMCJ9.TkylNn5A4TGBch4jCjEQ4a7AUwuSBX9EoPZQDhEIkzQmUGgA19p8N9ibX_XEmL0GNU99nCUh30u-_9347JBgpkq0Zou2_hIYPp_5tJfIErjZvPbQKl2F_tqo6beI8F5juQYl27XpuEDpVd3yMvct2v8V0miFpzJcpbPTRbshf39jfyt2_rosfJ3vAQvVKx74z7d0WeERPxgSmBspTvcd8qzuy86dAa6WQ3Z9nvm-ipTWDvc80UTKqC45qf1kz7soHm-fhAs9U06ZwTnHj7YNt4lMxn5i17ztk4ST5YqBrMfxxnH_76gllHJo0kYEOkslSMXsSEojaFwr4z_oMx5Cmg
Responses
200

Decoded ID Token with all claims.

Returns IdTokenResponse of type(s) */* 
{
    "sub": "string",
    "iss": "string",
    "context": "string",
    "username": "string",
    "email": "string",
    "domain": "string",
    "iat": 0,
    "exp": 0,
    "aud": [
        "string"
    ],
    "acct": "string",
    "context_name": "string",
    "given_name": "string",
    "family_name": "string",
    "email_verified": false,
    "auth_time": 0,
    "group_names": [
        "string"
    ],
    "group_ids": [
        "string"
    ]
}
string
sub
Optional

The user on behalf of which the token was issued.

string
iss
Optional

The issuer of the token (URL of Identity Service).

string
context
Optional

The context in which the token was issued.

string
username
Optional

The user's username.

string
email
Optional

The user's email.

string
domain
Optional

The domain the user belongs to.

integer As int64 As int64
iat
Optional

Timestamp, measured in number of seconds since 1/1/1970 UTC, indicating when the token was issued.

integer As int64 As int64
exp
Optional

Timestamp, measured in number of seconds since 1/1/1970 UTC, indicating when the token will expire.

array of string
aud
Optional

The list of audience(s). OAuth client(s) the token is issued to.

string
acct
Optional

The user's account identifier, the acct claim can be a combination of the user's username and domain in URLEncoded(username)@domain format or the user's email or the UPN of the user.

string
context_name
Optional

The context name in which the token was issued.

string
given_name
Optional

The user's given name.

string
family_name
Optional

The user's family name.

boolean
email_verified
Optional

True if the user's e-mail address has been verified; otherwise false.

integer As int64 As int64
auth_time
Optional

Timestamp, measured in number of seconds since 1/1/1970 UTC, indicating when the user was originally authenticated.

array of string
group_names
Optional

Names of the groups the user belongs to.

array of string
group_ids
Optional

Identifiers of the groups the user belongs to.


401

Invalid ID Token.

Returns IdTokenResponse of type(s) */* 
{
    "sub": "string",
    "iss": "string",
    "context": "string",
    "username": "string",
    "email": "string",
    "domain": "string",
    "iat": 0,
    "exp": 0,
    "aud": [
        "string"
    ],
    "acct": "string",
    "context_name": "string",
    "given_name": "string",
    "family_name": "string",
    "email_verified": false,
    "auth_time": 0,
    "group_names": [
        "string"
    ],
    "group_ids": [
        "string"
    ]
}
string
sub
Optional

The user on behalf of which the token was issued.

string
iss
Optional

The issuer of the token (URL of Identity Service).

string
context
Optional

The context in which the token was issued.

string
username
Optional

The user's username.

string
email
Optional

The user's email.

string
domain
Optional

The domain the user belongs to.

integer As int64 As int64
iat
Optional

Timestamp, measured in number of seconds since 1/1/1970 UTC, indicating when the token was issued.

integer As int64 As int64
exp
Optional

Timestamp, measured in number of seconds since 1/1/1970 UTC, indicating when the token will expire.

array of string
aud
Optional

The list of audience(s). OAuth client(s) the token is issued to.

string
acct
Optional

The user's account identifier, the acct claim can be a combination of the user's username and domain in URLEncoded(username)@domain format or the user's email or the UPN of the user.

string
context_name
Optional

The context name in which the token was issued.

string
given_name
Optional

The user's given name.

string
family_name
Optional

The user's family name.

boolean
email_verified
Optional

True if the user's e-mail address has been verified; otherwise false.

integer As int64 As int64
auth_time
Optional

Timestamp, measured in number of seconds since 1/1/1970 UTC, indicating when the user was originally authenticated.

array of string
group_names
Optional

Names of the groups the user belongs to.

array of string
group_ids
Optional

Identifiers of the groups the user belongs to.


404

Registration could not be found.

Returns IdTokenResponse of type(s) */* 
{
    "sub": "string",
    "iss": "string",
    "context": "string",
    "username": "string",
    "email": "string",
    "domain": "string",
    "iat": 0,
    "exp": 0,
    "aud": [
        "string"
    ],
    "acct": "string",
    "context_name": "string",
    "given_name": "string",
    "family_name": "string",
    "email_verified": false,
    "auth_time": 0,
    "group_names": [
        "string"
    ],
    "group_ids": [
        "string"
    ]
}
string
sub
Optional

The user on behalf of which the token was issued.

string
iss
Optional

The issuer of the token (URL of Identity Service).

string
context
Optional

The context in which the token was issued.

string
username
Optional

The user's username.

string
email
Optional

The user's email.

string
domain
Optional

The domain the user belongs to.

integer As int64 As int64
iat
Optional

Timestamp, measured in number of seconds since 1/1/1970 UTC, indicating when the token was issued.

integer As int64 As int64
exp
Optional

Timestamp, measured in number of seconds since 1/1/1970 UTC, indicating when the token will expire.

array of string
aud
Optional

The list of audience(s). OAuth client(s) the token is issued to.

string
acct
Optional

The user's account identifier, the acct claim can be a combination of the user's username and domain in URLEncoded(username)@domain format or the user's email or the UPN of the user.

string
context_name
Optional

The context name in which the token was issued.

string
given_name
Optional

The user's given name.

string
family_name
Optional

The user's family name.

boolean
email_verified
Optional

True if the user's e-mail address has been verified; otherwise false.

integer As int64 As int64
auth_time
Optional

Timestamp, measured in number of seconds since 1/1/1970 UTC, indicating when the user was originally authenticated.

array of string
group_names
Optional

Names of the groups the user belongs to.

array of string
group_ids
Optional

Identifiers of the groups the user belongs to.


503

Could not fetch groups of user.

Returns IdTokenResponse of type(s) */* 
{
    "sub": "string",
    "iss": "string",
    "context": "string",
    "username": "string",
    "email": "string",
    "domain": "string",
    "iat": 0,
    "exp": 0,
    "aud": [
        "string"
    ],
    "acct": "string",
    "context_name": "string",
    "given_name": "string",
    "family_name": "string",
    "email_verified": false,
    "auth_time": 0,
    "group_names": [
        "string"
    ],
    "group_ids": [
        "string"
    ]
}
string
sub
Optional

The user on behalf of which the token was issued.

string
iss
Optional

The issuer of the token (URL of Identity Service).

string
context
Optional

The context in which the token was issued.

string
username
Optional

The user's username.

string
email
Optional

The user's email.

string
domain
Optional

The domain the user belongs to.

integer As int64 As int64
iat
Optional

Timestamp, measured in number of seconds since 1/1/1970 UTC, indicating when the token was issued.

integer As int64 As int64
exp
Optional

Timestamp, measured in number of seconds since 1/1/1970 UTC, indicating when the token will expire.

array of string
aud
Optional

The list of audience(s). OAuth client(s) the token is issued to.

string
acct
Optional

The user's account identifier, the acct claim can be a combination of the user's username and domain in URLEncoded(username)@domain format or the user's email or the UPN of the user.

string
context_name
Optional

The context name in which the token was issued.

string
given_name
Optional

The user's given name.

string
family_name
Optional

The user's family name.

boolean
email_verified
Optional

True if the user's e-mail address has been verified; otherwise false.

integer As int64 As int64
auth_time
Optional

Timestamp, measured in number of seconds since 1/1/1970 UTC, indicating when the user was originally authenticated.

array of string
group_names
Optional

Names of the groups the user belongs to.

array of string
group_ids
Optional

Identifiers of the groups the user belongs to.


On This Page
Check ID Token Controller Operations
GET
Check ID Token