Authentication Result
An authentication result is returned on the callback of an authentication event in the form of the AuthResult
object. This page describes the AuthResult
object and its associated fields.
The AuthResult object
{
"accessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIU…",
"expiresIn": 86400,
"tokenType": "Bearer",
"idToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1N…",
"idTokenPayload": {
"authType": "password",
"birthdate": "2024-10-12",
"email": "nikkyd@example.com",
"emailVerified": true,
"auth_time": 1702283493,
"exp": 1704067201,
"familyName": "Dubois",
"givenName": "Nicole",
"gender": "female",
"iat": 1311280970,
"iss": "http://server.example.com",
"locale": "en",
"name": "Nicole Dubois",
"newUser": false,
"sub": "248289761001",
"picture": "http://example.com/nikkyd/me.png",
"profile": "http://example.com/nikkyd",
"updatedAt": "2024-11-21T10:45:22"
},
"code": "XpcgV…5sSY5",
"state": "aBC1..PoP",
"stepUpToken": "PyJ0eXAi…JIUzI1N",
"amr": "mfa",
"providerName": "kakaotalk",
"providerAccessToken": "ya29.a0AbV…YGo9wg0174",
}
AuthResult object fields
Field | Type | Description | ||
---|---|---|---|---|
|
The user’s access token. This a security token that gives access to authorized resources without further identification. It is represented as a JSON Web Token (JWT). |
|||
|
The lifetime of the access token (in seconds).
|
|||
|
The type of token that is issued.
|
|||
|
The user’s refresh token.
|
|||
|
The user’s ID token. This is a security token that contains authentication claims about the user. It is represented as a JSON Web Token (JWT).
|
|||
|
The body of the ID token which outlines the claims. See ID token payload for more details.
|
|||
|
The authorization code received from the initial authorization call. |
|||
|
An opaque value used to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. |
|||
|
The step up token needed to complete the stepup flow. |
|||
|
The Authentication Method Reference (
|
|||
|
The name of the social login provider used to log in.
|
|||
|
The access token from the social login provider.
|
ID token payload
The possible claims to assert about an authenticated user are outlined in the table below.
Field | Type | Description | ||
---|---|---|---|---|
|
The type of authentication used. allowed values:
|
|||
|
The birthdate of the profile, represented as an ISO 8601 |
|||
|
The primary email address of the profile. |
|||
|
True if the user’s e-mail address has been verified; otherwise false. |
|||
|
The expiration time claim identifies the point in time (as a Unix timestamp) on or after which the JWT must not be accepted for processing. Example
|
|||
|
The family name of the profile.
|
|||
|
The given name of the profile.
|
|||
|
The gender of the profile.
|
|||
|
The time (as a Unix timestamp) at which the JWT was issued. Example
|
|||
|
The issuer claim identifies the principal that issued the JWT. |
|||
|
The profile’s language code in lowercase and country code in uppercase, separated by a dash (eg |
|||
|
The full name of the profile. |
|||
|
Whether the profile is new. |
|||
|
The subject claim that identifies the profile. |
|||
|
The URL of one of the user’s profile pictures. This URL refers to an image file (PNG, JPEG, or GIF image file). |
|||
|
The URL of one of the user’s profile pages (usually a social provider’s page). |
|||
|
The time the profile’s information was last updated. |
|||
|
The time when end user authentication occurred. The time represents the first authentication of a given underlying session. This is represented as a Unix timestamp. Example
|