...
The claims available in the ID Token is also dependent on the scopes requested/specified by the client.
...
Claim | Scope | Description | Example |
---|---|---|---|
auth_time | openid | Time when the end-user authentication occurred. | "auth_time: "0" |
nonce | openid | Case sensitive string value used to associate a client session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified from the authentication request to the ID Token. Note: Required when using Implicit Flow! | "nonce": "681913a288be" |
acr | openid | String specifying an Authentication Context Class Reference value that identifies the Authentication Context Class that the authentication performed satisfied. This can for example be values based on some definition of Level of Assurance (LoA). See Context specific claims below. | "acr": "3edias-loa-high" |
amr | openid | JSON array of strings that are identifiers for authentication methods used in the authentication. This can for example be values which indicate that both password and OTP authentication methods were used. See https://tools.ietf.org/html/rfc8176 for standardised values. See Context specific claims below. | "amr": ["sc", "pwd", "otp"] |
azp | openid | Authorized party - the party to which the ID Token was issued. If present, will contain the client_id of the party. | "azp": "oidc-client" |
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
{ "jti": "f946a21d-53e4-4b1b-b189-5805025d7d7c", "exp": 1558702349, "nbf": 0, "iat": 1558702289, "iss": "https://auth.test.buypass.no/auth/realms/SECURITYDOMAIN", "aud": "oidc-client", "sub": "d6cccb1c-4390-41c1-b956-184ac9213a64", "typ": "ID", "azp": "oidc-client", "auth_time": 0, "session_state": "1b3b3efa-a26b-4599-8a49-ee1888402416", "acr": "1edias-loa-substanital", "preferred_username": "someuser" } |
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
{ "jti": "1055d27f-8269-45e9-b41e-857ac698b329", "exp": 1558703827, "nbf": 0, "iat": 1558703767, "iss": "https://auth.test.buypass.no/auth/realms/SECURITYDOMAIN", "aud": "oidc-client-2", "sub": "f:6ba131e6-fce2-4a92-924b-26b47a5632c1:15089100213", "typ": "ID", "azp": "oidc-client", "nonce": "0eQKh14zYgXrdLg1pSkcyHnVX4GiW4ztjgyHlPzayWY", "auth_time": 1558703767, "session_state": "92f817ea-190d-47e5-a323-44f4c2967ebe", "acr": "1edias-loa-substanital", "name": "BRITT FOS EDLAND", "preferred_username": "15089100213", "bp_id_sub": "101430957", "given_name": "BRITT FOS", "family_name": "EDLAND", "bp_nnin_sub": "15089100213" } |
...