An ID token is a token that tells us that the user has been authenticated. It was introduced by the OpenID Connect standard for authentication, which is used by identity providers such as Google, Facebook etc. The basic idea of the ID token is proof of the user’s authentication.

ID Tokens are encoded with Base64 which can be decoded with many different libraries.

ID tokens are also signed by the issuer with a private key, which guarantees the origin of the token and ensures that it has not been tampered with. They can be verified using the corresponding public key.

Structure

{   
  "iss": "http://my-domain.auth0.com",   
  "sub": "auth0|123456",   
  "aud": "1234abcdef",   
  "exp": 1311281970,   
  "iat": 1311280970,   
  "name": "Jane Doe",   
  "given_name": "Jane",   
  "family_name": "Doe"  
}  

The decoded token contains certain JWT claims, the most important of which is aud, which stands for audience. The value of aud is the client ID of the application that should consume the token.
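The checks described above (signature against the issuer's public key, then iss, aud and exp) can be done by the consuming application as in this added example, which is not part of the original page. The function names are hypothetical, RS256 is assumed as the signing algorithm, and the RSA key pair and issuer-side signing helper are constructed here so the example runs offline.

```javascript
// Added example: keys and tokens are constructed locally, not taken from a real provider.
const nodeCrypto = require('node:crypto');
const b64url = (v) => Buffer.from(v).toString('base64url');

// Stand-in for the issuer: signs the claims with its private key (RS256 assumed).
function signIdToken(claims, privateKey) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const signingInput = header + '.' + b64url(JSON.stringify(claims));
  const sig = nodeCrypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return signingInput + '.' + sig.toString('base64url');
}

// Consuming application: verify the signature first, then iss, aud and exp.
function validateIdToken(token, publicKey, expected, nowSeconds) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm; the token must not get to choose it (rejects "none").
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const sigOk = nodeCrypto.verify('RSA-SHA256', Buffer.from(h + '.' + p),
    publicKey, Buffer.from(s, 'base64url'));
  if (!sigOk) throw new Error('bad signature');
  // The payload is only trusted after the signature check has passed.
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  if (claims.iss !== expected.issuer) throw new Error('wrong issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expected.clientId)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || nowSeconds >= claims.exp) throw new Error('token expired');
  return claims;
}

// Constructed demo using the claim values from the structure shown above.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const claims = { iss: 'http://my-domain.auth0.com', sub: 'auth0|123456',
    aud: '1234abcdef', exp: 1311281970, iat: 1311280970, name: 'Jane Doe' };
  const expected = { issuer: claims.iss, clientId: '1234abcdef' };
  const check = (tok, now) => {
    try { return validateIdToken(tok, publicKey, expected, now).sub; } catch (e) { return e.message; }
  };
  const good = signIdToken(claims, privateKey);
  const otherApp = signIdToken({ ...claims, aud: 'some-other-client' }, privateKey);
  const [h, , s] = good.split('.');
  const forged = [h, b64url(JSON.stringify({ ...claims, sub: 'auth0|999999' })), s].join('.');
  return { valid: check(good, 1311281000), expired: check(good, 1311281970),
    wrongAudience: check(otherApp, 1311281000), tampered: check(forged, 1311281000) };
}
console.log(demo());
```

A token that carries a valid signature but was issued for a different client ID is still rejected, which is why the aud check matters.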

ID tokens may have more information about the user, such as name, given_name, email.

Use cases

  • Demonstrating that the user has been authenticated by an entity you trust (the OpenID provider) and that the claims can be trusted.
  • You can use the data to personalise the application.