OIDC/OAuth token examples

Use this page to review example token payloads and sample values returned by Entrust Identity as a Service.

The following is the resulting token payload data for various types of tokens. These have been parsed and simplified for display purposes. Items, such as signatures, have been removed.

OIDC ID Token

{
  "sub": "user1",
  "aud": "acd612d3-79e6-4702-ba9d-90575125394f",
  "acr": "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken",
  "nbf": 1616425220,
  "auth_time": 1616425012,
  "iss": "https://customer.region.trustedauth.com/api/oidc",
  "exp": 1616425940,
  "iat": 1616425220,
  "nonce": "abcd",
  "jti": "3f4e7ed0-e916-4140-9c3e-93ad7a4aabd2"
}

OIDC Access Token (for Userinfo data)

U-720039ce-5a55-433a-85a2-3a4ee720d9d6-QJ1N4r3jEFOjPBeNfXQw0wbJHzErgG3uS3MJAZI5bSk=

The corresponding Userinfo data that is obtained based on the access token

{
  "sub": "user1",
  "aud": "acd612d3-79e6-4702-ba9d-90575125394f",
  "name": "User One",
  "iss": "https://customer.region.trustedauth.com/api/oidc",
  "given_name": "User",
  "family_name": "One",
  "email": "user1@example.com",
  "iat": 1616423220
}

OAuth Access Token (used with Resource Server APIs)

{
  "app": "Sample Client Application",
  "sub": "user1",
  "iss": "https://customer.region.trustedauth.com/api/oidc",
  "given_name": "User",
  "aud": "https://example.com/apis/calendar",
  "nbf": 1616425220,
  "scope": "view:calendar edit:calendar",
  "name": "User One",
  "exp": 1616428820,
  "iat": 1616425220,
  "family_name": "One",
  "jti": "5f474e42-92ef-4ae4-bab7-b5ab2c052161",
  "cid": "acd612d3-79e6-4702-ba9d-90575125394f"
}

Refresh Token

R-5f474e42-92ef-4ae4-bab7-b5ab2c052161-9arzeOJKHWhtvKQOJw4MXXgLpE99bLEBjTu2q4KsC7s=

OIDC ID Token​

OIDC Access Token (for Userinfo data)​

OAuth Access Token (used with Resource Server APIs)​

Refresh Token​

OIDC ID Token

OIDC Access Token (for Userinfo data)

OAuth Access Token (used with Resource Server APIs)

Refresh Token