

8.5 ID tokens

The (webid-oidc oidc-id-token) module contains a definition for the OIDC ID token.

Class: <id-token> (<single-use-token> <oidc-token>) webid sub aud

The ID token is issued by an identity provider and is intended to be used by the client only. It gives information about the user, identified by a webid (a URI from (web uri)), and about the client, identified by its client ID, aud, which is also a URI. Since the client should not communicate this token to anyone else, it is reasonable to expect that the client will decode the token as soon as it receives it and then discard the now-useless signature. This is why the token is considered single-use. The sub field should store a username as a string, but if it is missing, the webid (as a string) will be used.

To construct an ID token, you would either need #:jwt-header and #:jwt-payload, as for any token, or a combination of parameters:

Generic: webid token

Return the user identifier in token, as a URI.

Generic: sub token

Return the username in token, as a string.

Generic: aud token

Return the client identifier in token, as a URI.

Exception type: &invalid-id-token

This exception is raised when the ID token is invalid.

Function: make-invalid-id-token

Construct an exception of type &invalid-id-token.

Function: invalid-id-token? exception

Check whether exception was raised because of an invalid ID token.
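The claim handling described above (webid and aud as URIs, sub falling back to the webid, rejection of invalid tokens), as an added Python illustration that is not this module's Guile code. The names InvalidIdToken, read_id_token and constructed_token are hypothetical, the payload claim names are assumed to match the slot names, and signature verification is assumed to have been done before this step.

```python
import base64
import json
from urllib.parse import urlparse


class InvalidIdToken(Exception):
    """Hypothetical stand-in for the &invalid-id-token exception type."""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def constructed_token(claims: dict) -> str:
    """Constructed sample token; the signature part is a placeholder."""
    header = _b64url(json.dumps({"alg": "ES256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.placeholder"


def _require_uri(claims: dict, name: str) -> str:
    value = claims.get(name)
    try:
        parsed = urlparse(value) if isinstance(value, str) else None
    except ValueError:
        parsed = None
    if parsed is None or not parsed.scheme or not parsed.netloc:
        raise InvalidIdToken(f"{name} must be an absolute URI")
    return value


def read_id_token(compact: str, client_id: str) -> dict:
    """Read the claims of a compact JWT whose signature was already verified."""
    parts = compact.split(".")
    if len(parts) != 3:
        raise InvalidIdToken("expected header.payload.signature")
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:
        raise InvalidIdToken("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise InvalidIdToken("payload must be a JSON object")
    webid, aud = _require_uri(claims, "webid"), _require_uri(claims, "aud")
    if aud != client_id:  # the token is meant for this client only
        raise InvalidIdToken("token was issued to another client")
    sub = claims.get("sub", webid)  # missing sub falls back to the webid
    if not isinstance(sub, str):
        raise InvalidIdToken("sub must be a string")
    return {"webid": webid, "sub": sub, "aud": aud}  # signature not retained
```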

