Authentication tokens

Bearer token (JWT: RFC 7516) issued by the identity partner (IdP) to attest a user's identity.

JSON representation
{ "aud": string, "email": string, "exp": string, "iat": string, "iss": string, ... }

Fields
`aud`	`string` The audience, as identified by the IdP. Should be checked against the local configuration.
`email`	`string (UTF-8)` The user's email address.
`exp`	`string` Expiration time.
`iat`	`string` Issuance time.
`iss`	`string` The token issuer. Should be validated against the trusted set of authentication issuers.
`...`	Your KACLS is free to use any other claims (location, custom claim, etc) to evaluate the perimeter.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2022-12-19 UTC.