ID token details
This guide covers more details on ID tokens, supported claim types, and common errors.
Example ID token
{
"iss": "<https://sandbox-idp.ddp.akoya.com/",>
"sub": "CkExamplehtaWtvbP9fMRIGbWlrb21v",
"aud": "recipient",
"exp": 1626206304,
"iat": 1626119904,
"at_hash": "VZ_ExJP9zAhtWa5KxCTX-CQ",
"email": "mikomo_1",
"email_verified": false,
"name": "KLDJFSDI4909DPSJNIO"
}
Akoya ID JWT claims
These claim types are supported by Akoya but not all may be present.
iss
- Issuer of the JWT, Akoyasub
- Unique value to identify the end-user with the scope specific to the data provideraud
- Data recipientexp
- Time token will expire in Unix Epoch formatiat
- The time the token was issued in Unix Epoch formatat_hash
- Access token hash valueemail
- End-user’s email addressemail_verified
- True if end-user’s email is verified, otherwise falsename
- Akoya internal user identifierlocale
- End-user's locale
For more: see the RFC on Identity Token claims.
Expired ID token error
If you use an expired ID token with a product (data) endpoint, it will produce error code 602
.
{
"code": 602,
"message": "Customer not authorized"
}
If you receive this error, you should refresh the tokens. Then, using the new ID token, make the call for data again.
Expired refresh token error
If you make a request using the Token API with an expired refresh token, you will receive an invalid_request
error.
{
"error": "invalid_request",
"error_description": "Refresh token is invalid or has already been claimed by another client."
}
An expired refresh token requires the app to redirect the end-user back through the consent flow and account selection process to reauthorize and receive a new set of ID and refresh tokens.
Change log
Date | Overview |
---|---|
2024-Sept-03 | Added intro. |
2024-Jul-26 | Original |
Need help?
Check out our Developer Community, or visit the Support Center in the Data Recipient Hub.
Looking for provider nuance documentation?
All provider nuance documentation is available in the Data providers section in the Data Recipient Hub.
Still stuck?
For all production issues, submit a support ticket through the Data Recipient Hub. Our support team is standing by 24/7. Questions and non-production issues will be answered during business hours.
Updated 2 months ago