Authing DocsDocuments
Concept
Guides
Development Integration
Application integration
Concept
Guides
Development Integration
Application integration
Old Version
Concept
  • What is Authing
  • What is the user pool
  • What is an application
  • What is certification
  • What is federal certification
  • What is authorization
  • Authentication vs authorization
  • What is JWT Token
  • What is ID Token
  • What is Access Token
  • What is Refresh Token
  • Access Token vs Id Token
  • OIDC FAQ
  • Understand the SAML2 protocol

  • Understand OIDC and OAuth2.0 protocol

  • What is multi-factor authentication
  • Account Lifecycle Management
  • Hosted login page vs embeddable login component
  • CIAM and EIAM
  • What is LDAP
  • Principle of Scan Code Login

¶ What is ID token

Update Time: 2022-04-20 11:18:51
Edit

In OIDC Protocol, There are three type of Token: id_token, access_token and refresh_token.

  • What is Access Token
  • What is Refresh Token

ID Token is the most important part that OpenID Connect OIDC (opens new window) added from OAuth 2.0 (opens new window). ID Token contains user's identity information. It can be used to verify user's identity when front end calling backend for resources.

In general ID Token is JWT Token, it's including user's identity key/value pairs. Eg:

{
   "iss": "https://server.example.com",
   "sub": "24400320",
   "aud": "s6BhdRkqt3",
   "nonce": "n-0S6_WzA2Mj",
   "exp": 1311281970,
   "iat": 1311280970,
   "auth_time": 1311280969,
   "acr": "urn:mace:incommon:iap:silver"
}

ID Token is a JWT Token means:

id_token include user's identity information. There is no need for another request for user info The integrity of id_token can be verified. How to verify ID Token.

¶ ID Token Claims Example

ClaimClaim
subbirthdate
namezoneinfo
given_namelocale
family_namephone_number
middle_namephone_number_verified
nicknameaddress
preferred_usernameformatted
profilestreet_address
picturelocality
websiteregion
emailpostal_code
email_verifiedcountry
genderupdated_at

OIDC Protocol for ID Token (opens new window)

Prev: What is JWT Token Next: What is Access Token
  • ID Token Claims Example

User identity management

Integrated third-party login
Mobile phone number flash check (opens new window)
Universal login form component
Custom authentication process

Enterprise internal management

Single Sign On
Multi-factor Authentication
Authority Management

Developers

Development Document
Framework Integration
Blog (opens new window)
GitHub (opens new window)
Community User Center (opens new window)

Company

400 888 2106
sales@authing.cn
16 / F, Block B, NORTH STAR CENTURY CENTER, Beijing(Total)
room 406, 4th floor, zone B, building 1, No. 200, Tianfu Fifth Street, Chengdu(branch)

Beijing ICP No.19051205-1

© Beijing Steamory Technology Co.