Checking the response

To ensure the integrity of the results from the Identity SDK, the result is returned as the payload of a JSON Web Token (JWT) signed with your clientSecret. This token is called an attestation. It must be sent to your backend and verified there (signature and expiry) before the user is granted access to your system; a decision taken on the client side alone cannot be trusted.

How to get your clientSecret

See the documentation about Identity access tokens.

JWT validation

For user validation, we use the returned JWT (the attestation).

From its payload we take the data needed for the decision: isAuthorized and isNewContext.

Data entered into JWT

Field         | Type    | Description
------------- | ------- | ----------------------------------------------------------------------
attemptId     | string  | Authentication attempt ID
peopleId      | string  | Authenticated user CPF
policyId      | string  | Validated policy ID
isAuthorized  | boolean | Indicates whether the user has been authorized according to the policy rules
isNewContext  | boolean | Indicates whether the user context was already known

How to extract data from the JWT

import jwt from 'jsonwebtoken';

const attestation = 'attestation received from SDK';
const secret = 'your clientSecret';
// jwt.verify checks the signature with the secret and rejects an expired token;
// it throws on failure, so run it in a try/catch and deny access on any error.
const attestationData = jwt.verify(attestation, secret);

console.log(attestationData);
/* Log:
{
    attemptId: "6018d4da5ea6db000849a669",
    exp: 1612240210,
    iat: 1612240090,
    isAuthorized: true,
    isNewContext: false,
    peopleId: "[cpf]",
    policyId: "[policy id]"
}
*/

Authorization check

const { isAuthorized, isNewContext } = attestationData;

if (isAuthorized && !isNewContext) {
    // authorized user with no verification required
} else if (isAuthorized && isNewContext) {
    // authorized user after verification
} else {
    // not authorized by the policy: deny access
}

2023 © Caf. - All rights reserved