Comment on page

Checking the response

To ensure the integrity of the results from the Identity SDK, the return information is inserted into the payload in a JSON Web Token (JWT) signed using your clientSecret. This token is called an attestation, and must be sent to your backend and verified before granting the user access to your system.
How to get your clientSecret
See the documentation about Identity access tokens.
JWT validation
For user validation, we use the returned JWT token.
From it we take data needed for validation (isAuthorized and isNewContext).
Data entered into JWT
Field
Type
Description
attemptId
string
Authentication attempt ID
peopleId
string
Authenticated user CPF
policyId
string
Validated policy ID
isAuthorized
boolean
Indicates whether the user has been authorized according to the policy rules
isNewContext
boolean
Indicates whether the user context was already known
How to extract data from the JWT
import jwt from 'jsonwebtoken';
​
const attestation = 'attestation received from SDK';
const secret = 'secret of your user';
const attestationData = jwt.verify(attestation, secret);
​
console.log(attestationData);
the documentationthe documentationthe documentation
/* Log:
{
    attemptId: "6018d4da5ea6db000849a669"
    exp: 1612240210
    iat: 1612240090
    isAuthorized: true
    isNewContext: false
    peopleId: "[cpf]"
    policyId: "[policy id]"
}
*/
Authorization check
const { isAuthorized, isNewContext } = attestationData;
​
if(isAuthorized && !isNewContext) {
    // authorized user with no verification required
} else if(isAuthorized && isNewContext) {
    // authorized user after verification
}

Field	Type	Description
`attemptId`	string	Authentication attempt ID
`peopleId`	string	Authenticated user CPF
`policyId`	string	Validated policy ID
`isAuthorized`	boolean	Indicates whether the user has been authorized according to the policy rules
`isNewContext`	boolean	Indicates whether the user context was already known

Last modified 10mo ago