Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The ID Token is a JSON Web Token (JWT) that contains claims about the authentication of an end user as described in [OIDCCore] section 2.
The OpenID Connect 1.0 Protocol Extensions extend ID Token by adding a number of claims. See [OIDCCore] section 2 for definitions of the standard claims. The extended claims are defined as follows.
upn: OPTIONAL. The user principal name (UPN) of the end user represented in this ID Token. Note that for clients constructed according to [MS-OAPXBC], claims must have either the upn or the email. It is not necessary to have both.
unique_name: REQUIRED. A locally unique identifier within the Issuer for the end user. This is like the sub claim ([OIDCCore] section 2), but the value provided is always consistent across all clients, like a public subject identifier ([OIDCCore] section 8).
pwd_exp: OPTIONAL. An integer that expresses the number of seconds until the expiration of the end user's password or a similar authentication secret, such as a PIN.
pwd_url: OPTIONAL. The URL at which the end user can change their password or similar authentication secret.
email: OPTIONAL. The email address of the user represented in this ID token. Note that for clients constructed according to [MS-OAPXBC], claims must have either the upn or the email. It is not necessary to have both.