IT:AD:id_token
Notes
The ID Token is an IT:AD:OpenId Connect (OIDC) security token that contains Claims about the Authentication of an End-User by an Authorization Server when using a Client, and potentially other requested Claims. The ID Token is represented as an IT:AD:JWT.
The JWT's body (the payload) is, for example:
  {
    "sub"       : "jsmith",
    "iss"       : "https://openid.c2id.com",
    "aud"       : "client-12345",
    "nonce"     : "n-0S6_WzA2Mj",
    "auth_time" : 1311280969,
    "acr"       : "c2id.loa.hisec",
    "iat"       : 1311280970,
    "exp"       : 1311281970
  }
The keys are: Subject (sub), Issuer (iss), the intended Audience, i.e. the Client the token was issued to (aud), issued-at time (iat) and expiry time (exp). The body may optionally contain a nonce (the value the Client sent in its authentication request, echoed back so the Client can tie the token to that request and reject replays), when the authentication took place (auth_time) and the Authentication Context Class Reference (acr), which describes how strongly the user was authenticated.
Before trusting any of these claims a Client must verify the signature, then check that iss is the expected provider, that aud contains its own client id, that exp has not passed, and that the nonce matches the one it sent.
As with all IT:AD:JWTs, the token is three base64url-encoded segments joined by dots, with the signature computed over the first two:
var jwt = base64Header+"."+base64Body+"."+signatureHash;
Note that the header and body are only encoded, not encrypted: anyone holding the token can read the claims; the signature only proves they were not altered.
Claims
The JWT is made of standard claims about the Authentication of the User, and – optionally – other claims:
Use
An id_token allows for:
- stateless sessions: the signed token carries the session claims itself, which scales better than server-side session storage (at the cost that a token cannot be revoked before exp without keeping state again).
- passing information to 3rd party services: as the JWT's body is only encoded, not encrypted, any recipient can read it, so the claims package can be selectively shared with 3rd party services (eg: logging). The same property means nothing confidential should be placed in the body.
- token exchange: [TODO].