OpenID Connect | Login.gov (2024)

Token response

The token response will be a JSON object containing the following:

access_token (string)

An unique token used to access the user info endpoint.

token_type (string)

The type of access token, which will always be Bearer.

expires_in (number)

The number of seconds the access token will expire.

See Also
Find your cloud ID - Azure Stack HubSign up for Cloud Identity

id_token (string)

A signed JWT that contains basic attributes about the user and it is signed using the RS256 algorithm. The public key used to verify this JWT is available from the certificates endpoint.

The id_token contains the following claims:

iss (string)

The issuer of the response, which will be the URL of the Login.gov IdP, for example: https://idp.int.identitysandbox.gov.

sub (string)

The subject identifier, the UUID of the Login.gov user (see user attributes).

aud (string)

The audience, which will be the client_id.

acr (string)

The Authentication Context Class Reference value of the returned claims, from the original authorization request.

at_hash (string)

The access token hash, a URL-safe base-64 encoding of the left 128 bits of the SHA256 of the access_token value. Provided so the client can verify the access_token value.

c_hash (string)

The code hash, a URL-safe base-64 encoding of the left 128 bits of the SHA256 of the authorization code value. Provided so the client can verify the code value.

exp (number)

The expiration time for this token, an integer timestamp representing the number of seconds since the Unix Epoch.

iat (number)

Time at which the JWT was issued, an integer timestamp representing the number of seconds since the Unix Epoch.

jti (number)

The JWT ID, a unique identifier for the token which can be used to prevent reuse of the token. Should be an unguessable, random string generated by the client.

nbf (number)

The “not before” value, an integer timestamp of when the token will start to be valid (number of seconds since the Unix Epoch).

nonce (string)

The nonce value provided by the client in the authorization request. A unique value, at least 22 characters in length, used to verify the integrity of the id_token and mitigate replay attacks. This value should include per-session state and be unguessable by attackers. Read more about nonce implementation in the spec.

Next step: User info 

{ "access_token": "hhJES3wcgjI55jzjBvZpNQ", "token_type": "Bearer", "expires_in": 3600, "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJiMmQyZDExNS0xZDdlLTQ1NzktYjlkNi1mOGU4NGY0ZjU2Y2EiLCJpc3MiOiJodHRwczovL2lkcC5pbnQubG9naW4uZ292IiwiYWNyIjoiaHR0cDovL2lkbWFuYWdlbWVudC5nb3YvbnMvYXNzdXJhbmNlL2xvYS8xIiwibm9uY2UiOiJhYWQwYWE"}
OpenID Connect | Login.gov (2024)
Top Articles
Can You Drink Expired Bottled Water? - Consumer Reports
RTO Vehicle Information - Vehicle Registration & Owner Details
Andi Eskin
Wodemo Link
Wilson Tattoo Shops
Rpg Maker Fullscreen
Atdhe Net
Oralbproshop
Www.nerdballertv
Tfsd Schoology
Pubblicare Annunci Gratuiti - comprare e vendere usato in Italia | CLASF
Jug Cousin Crossword Clue
WHAT WE CAN DO | Arizona Tile
Urban Dictionary Fov
Gamaflex Bot
Who Is Mikaylah? Age, Boyfriend, Net Worth, Wiki & More
Cognitive Function Test Potomac Falls
Lux Nails Columbia Mo
Villanova University Common Data Set
Intelligencer Journal from Lancaster, Pennsylvania
Apartments / Housing For Rent near Trenton, NJ - craigslist
Basketball Stars Unblocked Games Premium
Oxford Covered Market: How To Visit + What To Eat & Buy! - Where Goes Rose?
Grace Kinstler Bathing Suit
Madness Combat Wiki
Retribution Paladin DPS Spec, Builds, and Talents - The War Within (Season 1)
Craigslist New Hampshire Personals Alternative
Constraining neutron star matter from the slope of the mass-radius curves
24 Hour Drive Thru Car Wash Near Me
Nh. Craigslist
123Movies Tamil
Not Elaine from Seinfeld, Julia Louis-Dreyfus Missed Playing 1 TV Character the Most From Her Pre-Marvel Era
Tutorial - PyMuPDF 1.24.10 documentation
Ben Leventhal Net Worth
248-898-5000
How Much Is 10000 Nickels
Craigslist Snowblower
Cnme Patient Portal
Yahoo Weather San Diego
Great Grady Forum
Gypsy Rose Blanchard's Mother's Brutal Crime Scene Photos Go Viral On Her 33rd Birthday
Tinaqueenwifey
Police bust global cyber gang accused of industrial-scale fraud
Lucki White House Lyrics
Brightspring Reach Login
OPINION: My grandfather was Delaware's last Republican governor. I'm supporting Harris
Select Truck Greensboro
Onlyonerhonda Cam
Weather Underground Merritt Island
Survival Hunter Pets Guide - The War Within (Season 1)
1V1 Google Classroom
ROG STRIX B550-E GAMING | Motherboards | ROG Global
Latest Posts
APIs for dummies: An introduction for non-devs
What Is Google Cloud Platform?
Article information

Author: Msgr. Refugio Daniel

Last Updated:

Views: 6670

Rating: 4.3 / 5 (74 voted)

Reviews: 89% of readers found this page helpful

Author information

Name: Msgr. Refugio Daniel

Birthday: 1999-09-15

Address: 8416 Beatty Center, Derekfort, VA 72092-0500

Phone: +6838967160603

Job: Mining Executive

Hobby: Woodworking, Knitting, Fishing, Coffee roasting, Kayaking, Horseback riding, Kite flying

Introduction: My name is Msgr. Refugio Daniel, I am a fine, precious, encouraging, calm, glamorous, vivacious, friendly person who loves writing and wants to share my knowledge and understanding with you.