ID token details

This guide covers more details on ID tokens, supported claim types, and common errors.

Example ID token

{
  "iss": "<https://sandbox-idp.ddp.akoya.com/",>
  "sub": "CkExamplehtaWtvbP9fMRIGbWlrb21v",
  "aud": "recipient",
  "exp": 1626206304,
  "iat": 1626119904,
  "at_hash": "VZ_ExJP9zAhtWa5KxCTX-CQ",
  "email": "mikomo_1",
  "email_verified": false,
  "name": "KLDJFSDI4909DPSJNIO"
}

Akoya ID JWT claims

These claim types are supported by Akoya but not all may be present.

  • iss - Issuer of the JWT, Akoya
  • sub - Unique value to identify the end-user with the scope specific to the data provider
  • aud - Data recipient
  • exp - Time token will expire in Unix Epoch format
  • iat - The time the token was issued in Unix Epoch format
  • at_hash - Access token hash value
  • email - End-user’s email address
  • email_verified - True if end-user’s email is verified, otherwise false
  • name - Akoya internal user identifier
  • locale- End-user's locale

For more: see the RFC on Identity Token claims.

Expired ID token error

If you use an expired ID token with a product (data) endpoint, it will produce error code 602.

{
    "code": 602,
    "message": "Customer not authorized"
}

If you receive this error, you should refresh the tokens. Then, using the new ID token, make the call for data again.

Expired refresh token error

If you make a request using the Token API with an expired refresh token, you will receive an invalid_request error.

{
    "error": "invalid_request",
    "error_description": "Refresh token is invalid or has already been claimed by another client."
}

An expired refresh token requires the app to redirect the end-user back through the consent flow and account selection process to reauthorize and receive a new set of ID and refresh tokens.


Change log

DateOverview
2024-Sept-03Added intro.
2024-Jul-26Original


Need help?

Check out our Developer Community, or visit the Support Center in the Data Recipient Hub.

Looking for provider nuance documentation?

All provider nuance documentation is available in the Data providers section in the Data Recipient Hub.

Still stuck?

For all production issues, submit a support ticket through the Data Recipient Hub. Our support team is standing by 24/7. Questions and non-production issues will be answered during business hours.