Checking the response
To ensure the integrity of the results from the Identity SDK, the returned information is placed in the payload of a JSON Web Token (JWT) signed using your `clientSecret`. This token is called an attestation; it must be sent to your backend and verified there before the user is granted access to your system.

User validation is based on the returned JWT. After verifying it, read the fields needed for the decision (`isAuthorized` and `isNewContext`).

Field | Type | Description |
---|---|---|
attemptId | string | Authentication attempt ID |
peopleId | string | Authenticated user CPF |
policyId | string | Validated policy ID |
isAuthorized | boolean | Indicates whether the user has been authorized according to the policy rules |
isNewContext | boolean | Indicates whether the user context was already known |

```javascript
import jwt from 'jsonwebtoken';

const attestation = 'attestation received from SDK';
const secret = 'secret of your user';

// jwt.verify checks the signature and the expiry (exp) and throws if either check fails
const attestationData = jwt.verify(attestation, secret);
console.log(attestationData);
/* Log:
{
  attemptId: "6018d4da5ea6db000849a669"
  exp: 1612240210
  iat: 1612240090
  isAuthorized: true
  isNewContext: false
  peopleId: "[cpf]"
  policyId: "[policy id]"
}
*/

const { isAuthorized, isNewContext } = attestationData;
if (isAuthorized && !isNewContext) {
  // authorized user with no verification required
} else if (isAuthorized && isNewContext) {
  // authorized user after verification
} else {
  // user not authorized: do not grant access
}
```
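
A dependency-free version of the backend check described above, added here as an example; it is not code from the original page or from the SDK. It assumes the attestation is signed with HS256, and `checkAttestation`, `makeAttestation`, the `expectedPeopleId` binding and every sample value are hypothetical names constructed for illustration.

```javascript
// Added example (not SDK code). Assumption: attestations are HS256-signed with clientSecret.
// Loads Node's built-in crypto whether this file runs as CommonJS or as an ES module.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto') : process.getBuiltinModule('node:crypto');

const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data, secret) => nodeCrypto.createHmac('sha256', secret).update(data).digest();

// Helper for building constructed sample tokens; a real token comes from the SDK.
function makeAttestation(payload, secret, alg = 'HS256') {
  const head = b64url(JSON.stringify({ alg, typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Returns 'allow', 'allow-after-verification' or 'deny'; never throws.
// expectedPeopleId (assumption): the CPF of the account this session is logging in to.
function checkAttestation(token, secret, expectedPeopleId,
                          nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return 'deny';
  const [head, body, sig] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return 'deny';
  }
  // Pin the algorithm: a header asking for "none" or anything else is refused.
  if (header?.alg !== 'HS256') return 'deny';
  // Recompute the signature and compare in constant time.
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length) return 'deny';
  if (!nodeCrypto.timingSafeEqual(given, expected)) return 'deny';
  // Claims are trusted only from this point on.
  if (typeof claims?.exp !== 'number' || claims.exp <= nowSec) return 'deny';
  if (claims.peopleId !== expectedPeopleId) return 'deny';
  if (claims.isAuthorized !== true) return 'deny';
  return claims.isNewContext === true ? 'allow-after-verification' : 'allow';
}
```

Anything other than an explicit `allow` result is treated as a refusal, so a malformed, expired, re-signed or replayed-for-another-user attestation fails closed.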