Checking the response
To ensure the integrity of the results from the Identity SDK, the return information is placed in the payload of a JSON Web Token (JWT) signed using your clientSecret. This token is called an attestation, and must be sent to your backend and verified before granting the user access to your system.
How to get your clientSecret
See the documentation about Identity access tokens.
JWT validation
For user validation, we use the returned JWT. From it we take the data needed for validation (isAuthorized and isNewContext).
Data entered into JWT
Field | Type | Description |
---|---|---|
| string | Authentication attempt ID |
| string | Authenticated user CPF |
| string | Validated policy ID |
| boolean | Indicates whether the user has been authorized according to the policy rules |
| boolean | Indicates whether the user context was already known |
How to extract data from the JWT
Authorization check
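One way a backend could verify the attestation and apply the authorization check, added here as an example and not taken from the Identity SDK documentation. It assumes the attestation is an HS256 (HMAC-SHA256) JWT keyed with your clientSecret and that isAuthorized is a boolean claim in the payload; the function names and the sample token helper are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json


def _b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def verify_attestation(token: str, client_secret: str) -> dict:
    """Return the payload if the HS256 signature matches; raise ValueError otherwise."""
    header_b64, payload_b64, sig_b64 = token.split(".")  # ValueError if not 3 parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the token must never choose it ("none", RS256, ...).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(client_secret.encode(),
                        f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    # Parse the payload only after the signature has been checked.
    payload = json.loads(_b64url_decode(payload_b64))
    if not isinstance(payload, dict):
        raise ValueError("payload is not an object")
    return payload


def is_access_allowed(token: str, client_secret: str) -> bool:
    """Fail closed: any verification error means no access."""
    try:
        payload = verify_attestation(token, client_secret)
    except ValueError:
        return False
    # Require a real boolean; the string "true" or the number 1 must not pass.
    return payload.get("isAuthorized") is True


def make_sample_token(payload: dict, secret: str, alg: str = "HS256") -> str:
    """Constructed sample data only: signs a token the way an HS256 issuer would."""
    head = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url_encode(sig)}"
```

The clientSecret stays on the backend; the client application only forwards the attestation it received.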