ID Token Structure

ID tokens follow the JSON Web Token (JWT) standard, which means that their basic structure conforms to the typical JWT Structure, and they contain standard JWT Claims asserted about the token itself.

Beyond what is required for JWT, ID tokens also contain claims asserted about the authenticated user, which are pre-defined by the OpenID Connect (OIDC) protocol, and are thus known as standard OIDC claims. Some standard OIDC claims include:

  • name

  • nickname

  • picture

  • email

  • email_verified

For a full list of standard OIDC claims, see OIDC specification: Standard Claims. You can also create custom claims, which are claims that you define, control, and add to a token using a rule.

You control which OIDC claims are included in the ID token consumed by your application by including specific OpenID Connect Scopes in a parameter when you request tokens while authenticating users. To learn how to request an ID token, see Get ID Tokens.

Sample ID Token

This example shows the contents of an ID token. Notice that the audience value (located in the aud claim) is set to the application's identifier, which means that only this specific application should consume the token.

{
  "iss": "http://my-domain.auth0.com",
  "sub": "auth0|123456",
  "aud": "my_client_id",
  "exp": 1311281970,
  "iat": 1311280970,
  "name": "Jane Doe",
  "given_name": "Jane",
  "family_name": "Doe",
  "gender": "female",
  "birthdate": "0000-10-31",
  "email": "janedoe@example.com",
  "picture": "http://example.com/janedoe/me.jpg"
}

Learn more