Login
      Contents x
      ID Token
      • 17 Oct 2024
      • 2 Minutes to read
      • Print
      • Dark
        Light
      • PDF
      Contents

      ID Token

      • Updated on 17 Oct 2024
      • 2 Minutes to read
      • Print
      • Dark
        Light
      • PDF
      Article summary

      An ID Token is a JWT (JSON web token) - a cryptographically signed Base64-encoded JSON object. The ID Token contains user profile attributes represented in the form of claims. These claims are statements about the user, which can be trusted if the consumer of the token can verify its signature.

      The ID Token is consumed by the application to get user information like the user's name, email, and so forth, typically used for UI display. You can get an ID Token for a user after they successfully authenticate. You must verify the ID Token's signature before storing and using it. You will need to decode this token to read the claims (or attributes) of the user.

      The JWT website provides a list of libraries you can use to decrypt the ID Token. It was added to the OIDC specification as an optimization so the application can know the identity of the user, without having to make an additional network request. The ID Token conforms to an industry standard and consists of three parts:

      The following table describes the claims returned in the ID Token for all users.

      If the application has the Developer Portal setting to "Include core identity claims in ID token", then we expose them as well. The User Claims are then limited to:

      • openid

      • email

      • profile

      • address

      • phone

      Claim

      Description

      Example

      idp

      Identity Provider

      Visma Connect

      acr

      Authentication Context Class Reference. Level of Authentication

      2

      amr

      Authentication Methods References. Array of Authentication methods used

      ["pwd"]

      auth_time

      Time authentication last occured. Number of seconds since 01.01.1970

      1498217219

      sub

      Visma Connect Unique User ID of authenticated user

      1072cd43-d99a-4d44-84a2-5f80720c1a19

      sid

      Visma Connect Session ID of users current active session

      11474d36-22a3-40d8-925d-21af17826e38

      aud

      Client ID of the client who requested the authentication

      demoapp

      llt

      Last Login Time in Unix Time Stamp (Epoch time)

      1501591804

      Authentication Method References “amr”

      amr

      Description

      pwd

      Password authentication

      pwdless

      Passwordless authentication using FIDO2 devices

      remember2sv

      Remember 2 Step Verification (30 days) was used

      email

      Confirmation by email code

      face_fpt

      Passkey - Facial recognition or fingerprint

      hwk

      Passkey or 2FA - Hardware key with FIDO2 security (e.g. Youbikey)

      otp

      2FA: Time-based One time password (TOTP)

      push

      2FA: Visma Authenticator Push Notification

      pop

      2FA: Proof of possession of a key with U2F security (e.g. Youbikey)

      sms

      2FA: Confirmation by SMS code

      magiclink-initial

      Magiclink by API for initial login

      magiclink

      Magiclink by email

      imp

      Support User - Impersonation

      nbid

      BankID Norway - with or without ID-Porten

      nbid-biometric

      BankID Norway - Biometric with or without ID-Porten

      sbid

      BankID Sweden

      sbid-mobile

      BankID Sweden - Mobile

      commfides

      ID-Porten Norway - Commfides

      buypass

      ID-Porten Norway - Buypass

      minid-pin

      ID-Porten Norway - MinID (PIN)

      minid-otc

      ID-Porten Norway - MinID (OTC)

      minid-app

      ID-Porten Norway - MinID (app)

      testid

      ID-Porten Norway - TestId (test environments only)

      mitid_password

      MitID Denmark - Password authentication

      mitid_code_token

      MitID Denmark - Token authentication

      mitid_code_reader

      MitID Denmark - Reader authentication

      mitid_code_app

      MitID Denmark - App authentication

      mitid_code_app_enhanced

      MitID Denmark - Enhanced authentication

      mitid_u2f_token

      MitID Denmark - U2F Token authentication

      fbid-mpki.telia.1

      Finnish BankID - Mobile ID

      fbid-oidc.aktia.1

      Finnish BankID - Aktia

      fbid-oidc.alandsbanken.1

      Finnish BankID - Ålandsbanken

      fbid-oidc.danskebank.1

      Finnish BankID - Danske Bank

      fbid-oidc.handelsbanken.1

      Finnish BankID - Handelsbanken

      fbid-oidc.nordea.1

      Finnish BankID - Nordea

      fbid-oidc.omasp.1

      Finnish BankID - Oma Säästöpankki

      fbid-saml.op.1

      Finnish BankID - Osuuspankki

      fbid-oidc.pop.1

      Finnish BankID - POP Pankki

      fbid-oidc.sp.1

      Finnish BankID - Säästöpankki

      fbid-oidc.spankki.1

      Finnish BankID - S-Pankki

      Was this article helpful?
      What's Next

      © 2024 Visma

      Change password!
      Changing your password will log you out immediately. Use the new password to log back in.
      Change profile
      Success!
      First name must have atleast 2 characters. Numbers and special characters are not allowed.
      Last name must have atleast 1 characters. Numbers and special characters are not allowed.
      Enter a valid email
      Enter a valid password
      Your profile has been successfully updated.
      Logout