Checking the response

To ensure the integrity of the results from the Identity SDK, the returned information is carried in the payload of a JSON Web Token (JWT) signed using your clientSecret. This token is called an attestation and must be sent to your backend and verified before granting the user access to your system.

When isAuthorized is true, the response includes the attestation, and the attemptId is contained within the token. There is also a case when isAuthorized is false. In this scenario, the attemptId is returned alongside the isAuthorized field.

Please ensure that both the attestation and attemptId (when applicable) are properly handled and verified in your backend system.

How to check the response without a JWT (attestation)

In cases where the attestation is not present in the response, you will receive an object with two fields: isAuthorized and attemptId.

const response = 'response from sdk';
console.log(response);

/* Log:
{
    attemptId: "6018d4da5ea6db000849a669",
    isAuthorized: false
}
*/

The attemptId field can be used to capture data about the authentication attempt. For more information, please refer to here.

How to get your clientSecret

See the documentation about Identity access tokens.

JWT validation

For user validation, we use the returned JWT. From it we take the data needed for validation (isAuthorized and isNewContext).

Data included in the JWT (attestation)

| Field | Type | Description |
| --- | --- | --- |
| attemptId | string | Authentication attempt ID |
| peopleId | string | Authenticated user CPF |
| policyId | string | Validated policy ID |
| isAuthorized | boolean | Indicates whether the user has been authorized according to the policy rules |
| isNewContext | boolean | Indicates whether the user context was already known |

How to extract data from the JWT

import jwt from 'jsonwebtoken';

const attestation = 'attestation received from SDK';
const secret = 'your clientSecret';
// jwt.verify throws if the signature is invalid or the token has expired
const attestationData = jwt.verify(attestation, secret);

console.log(attestationData);
/* Log:
{
    attemptId: "6018d4da5ea6db000849a669",
    exp: 1612240210,
    iat: 1612240090,
    isAuthorized: true,
    isNewContext: false,
    peopleId: "[cpf]",
    policyId: "[policy id]"
}
*/

Authorization check

const { isAuthorized, isNewContext } = attestationData;

if (isAuthorized && !isNewContext) {
    // authorized user with no verification required
} else if (isAuthorized && isNewContext) {
    // authorized user after verification
} else {
    // isAuthorized is false: do not grant access
}
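A backend-side version of the check above, as an added example that is not part of the original documentation: it verifies the attestation with Node's built-in crypto (used here instead of jsonwebtoken so it runs without dependencies) and grants access only from claims inside a verified token. HS256, the `attestation` field name on the SDK response, the `expectedPeopleId` parameter and all helper names are assumptions; `signSample` only mints constructed sample tokens.

```javascript
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Constructed helper: mints sample HS256 attestations for the demo only.
function signSample(payload, secret, header = { alg: 'HS256', typ: 'JWT' }) {
  const data = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${b64url(hmac(data, secret))}`;
}

// Returns the verified claims, or throws if the token cannot be trusted.
function verifyAttestation(token, clientSecret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm (HS256 is an assumption) so a token declaring another alg is rejected.
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${h}.${p}`, clientSecret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Backend decision: only claims from a verified attestation can grant access.
function decide(sdkResponse, clientSecret, expectedPeopleId, now) {
  if (!sdkResponse || typeof sdkResponse.attestation !== 'string') {
    // Unsigned response: keep attemptId for auditing, never trust its isAuthorized.
    return { allow: false, reason: 'no attestation', attemptId: sdkResponse?.attemptId };
  }
  let claims;
  try {
    claims = verifyAttestation(sdkResponse.attestation, clientSecret, now);
  } catch (err) {
    return { allow: false, reason: err.message };
  }
  // Bind the token to the user of the current session (hypothetical parameter).
  if (claims.peopleId !== expectedPeopleId) return { allow: false, reason: 'wrong user' };
  if (claims.isAuthorized !== true) return { allow: false, reason: 'not authorized', attemptId: claims.attemptId };
  return { allow: true, newContext: claims.isNewContext === true, attemptId: claims.attemptId };
}
```

The strict `=== true` comparison means a token carrying `isAuthorized: "true"` or any other non-boolean value is denied rather than treated as truthy.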
