What Is id_token


What is id_token used in OpenID Connect protocol?

✍: FYIcenter.com


"id_token" is Base64URL encoded string returned from the authentication service provider after the user successfully finishes the authentication process.

"id_token" follows the "RFC 7519 - JWT (JSON Web Token)" to encode authentication information. You should use the following logic to decode the "id_token" value:

  • Splitting the encoded string into 3 components: Header, Body, and Signature by the dot "." delimiter: headerEncoded.bodyEncoded.signatureEncoded
  • Get the header in JSON string as headerJSON = base64url_decode(headerEncoded).
  • Get the body in JSON string as bodyJSON = base64url_decode(bodyEncoded).
  • Get the signature in JSON string as signatureJSON = base64url_decode(signatureEncoded).
  • Validate the signature using the algorithm given in the header.
  • If the signature is good, take the information in the body and continue.

Here is example of an id_token string:


After splitting and Base64URL decoding, we have:

Header =
  "alg": "HS256",
  "typ": "JWT"

Body = 
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022

Signature = 0x

The "Body" component in an id_token is also called "Payload", or "Claim" of an authentication.

By the way, Base64URL encoding is same as Base64 encoding except for 2 encoding characters: "_" is used instead of "/", and "-" is used instead of "+". This is to make the encoded string URL safe.


What Is the Authentication Claim in id_token

OpenID Connect Authorization Code Flow

OpenID Connect Authentication Flows

⇑⇑ OpenID Tutorials

2019-01-15, 449👍, 0💬