ID Token
- 17 Sep 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
ID Token
- Updated on 17 Sep 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
An ID Token is a JWT (JSON web token) - a cryptographically signed Base64-encoded JSON object. The ID Token contains user profile attributes represented in the form of claims. These claims are statements about the user, which can be trusted if the consumer of the token can verify its signature.
The ID Token is consumed by the application to get user information like the user's name, email, and so forth, typically used for UI display. You can get an ID Token for a user after they successfully authenticate. You must verify the ID Token's signature before storing and using it. You will need to decode this token to read the claims (or attributes) of the user.
The JWT website provides a list of libraries you can use to decrypt the ID Token. It was added to the OIDC specification as an optimization so the application can know the identity of the user, without having to make an additional network request. The ID Token conforms to an industry standard and consists of three parts:
The following table describes the claims returned in the ID Token for all users.
Claim | Description | Example |
|---|---|---|
idp | Identity Provider | Visma Connect |
acr | Authentication Context Class Reference. Level of Authentication | 2 |
amr | Authentication Methods References. Array of Authentication methods used | ["pwd"] |
auth_time | Time authentication last occured. Number of seconds since 01.01.1970 | 1498217219 |
sub | Visma Connect Unique User ID of authenticated user | 1072cd43-d99a-4d44-84a2-5f80720c1a19 |
sid | Visma Connect Session ID of users current active session | 11474d36-22a3-40d8-925d-21af17826e38 |
aud | Client ID of the client who requested the authentication | demoapp |
llt | Last Login Time in Unix Time Stamp (Epoch time) | 1501591804 |
Authentication Method References “amr”
amr | Description |
|---|---|
pwd | Password authentication |
pwdless | Passwordless authentication using FIDO2 devices |
remember2sv | Remember 2 Step Verification (30 days) was used |
Confirmation by email code | |
face_fpt | Passkey - Facial recognition or fingerprint |
hwk | Passkey or 2FA - Hardware key with FIDO2 security (e.g. Youbikey) |
otp | 2FA: Time-based One time password (TOTP) |
push | 2FA: Visma Authenticator Push Notification |
pop | 2FA: Proof of possession of a key with U2F security (e.g. Youbikey) |
sms | 2FA: Confirmation by SMS code |
magiclink-initial | Magiclink by API for initial login |
magiclink | Magiclink by email |
imp | |
nbid | BankID Norway - with or without ID-Porten |
nbid-biometric | BankID Norway - Biometric with or without ID-Porten |
sbid | BankID Sweden |
sbid-mobile | BankID Sweden - Mobile |
commfides | ID-Porten Norway - Commfides |
buypass | ID-Porten Norway - Buypass |
minid-pin | ID-Porten Norway - MinID (PIN) |
minid-otc | ID-Porten Norway - MinID (OTC) |
minid-app | ID-Porten Norway - MinID (app) |
testid | ID-Porten Norway - TestId (test environments only) |
mitid_password | MitID Denmark - Password authentication |
mitid_code_token | MitID Denmark - Token authentication |
mitid_code_reader | MitID Denmark - Reader authentication |
mitid_code_app | MitID Denmark - App authentication |
mitid_code_app_enhanced | MitID Denmark - Enhanced authentication |
mitid_u2f_token | MitID Denmark - U2F Token authentication |
fbid-mpki.telia.1 | Finnish BankID - Mobile ID |
fbid-oidc.aktia.1 | Finnish BankID - Aktia |
fbid-oidc.alandsbanken.1 | Finnish BankID - Ålandsbanken |
fbid-oidc.danskebank.1 | Finnish BankID - Danske Bank |
fbid-oidc.handelsbanken.1 | Finnish BankID - Handelsbanken |
fbid-oidc.nordea.1 | Finnish BankID - Nordea |
fbid-oidc.omasp.1 | Finnish BankID - Oma Säästöpankki |
fbid-saml.op.1 | Finnish BankID - Osuuspankki |
fbid-oidc.pop.1 | Finnish BankID - POP Pankki |
fbid-oidc.sp.1 | Finnish BankID - Säästöpankki |
fbid-oidc.spankki.1 | Finnish BankID - S-Pankki |
Was this article helpful?