ID Token 1 (10.02.2023 3M) Flashcards
Name most common identity token claims.
- iss (issuer)
- sub (subject)
- aud (audience)
- exp (expiration time)
- iat (issued at)
- auth_time (authentication time)
- nonce
- acr (authentication context class reference)
- amr (authentication methods references)
- azp (authorized party)
Describe “iss” claim of ID Token.
Note that it is similar to JWT’s “iss” claim but is constrained more tightly: in a plain JWT, iss is optional and may be any StringOrURI value.
REQUIRED.
Issuer Identifier for the Issuer of the response.
The iss value is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components.
Describe “sub” claim of ID Token.
By the way, in a plain JWT it is optional and may be any StringOrURI value.
REQUIRED.
Subject Identifier.
A locally unique and never reassigned identifier within the Issuer for the End-User, which is intended to be consumed by the Client. It MUST NOT exceed 255 ASCII characters in length. The sub value is a case sensitive string.
Describe “aud” claim of ID Token.
By the JWT specification it is optional, and its value is either a single StringOrURI or an array of StringOrURI values.
REQUIRED.
Audience(s) that this ID Token is intended for.
It MUST contain the OAuth 2.0 client_id of the Relying Party as an audience value. It MAY also contain identifiers for other audiences. In the general case, the aud value is an array of case sensitive strings. In the common special case when there is one audience, the aud value MAY be a single case sensitive string.
Describe “exp” claim of ID Token.
REQUIRED.
Expiration time on or after which the ID Token MUST NOT be accepted for processing. The processing of this parameter requires that the current date/time MUST be before the expiration date/time listed in the value. Implementers MAY provide for some small leeway, usually no more than a few minutes, to account for clock skew. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
Describe “iat” claim of ID Token.
REQUIRED.
Time at which the JWT was issued. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.