
Checking the response

To ensure the integrity of the results from the Identity SDK, the returned information is placed in the payload of a JSON Web Token (JWT) signed with your clientSecret. This token is called an attestation. It must be sent to your backend and verified there before the user is granted access to your system.

How to get your clientSecret

See the documentation about Identity access tokens.

JWT validation

User validation is based on the returned JWT.
From it we take the data needed for validation (isAuthorized and isNewContext).

Data included in the JWT

| Field | Type | Description |
| --- | --- | --- |
| attemptId | string | Authentication attempt ID |
| peopleId | string | Authenticated user CPF |
| policyId | string | Validated policy ID |
| isAuthorized | boolean | Indicates whether the user has been authorized according to the policy rules |
| isNewContext | boolean | Indicates whether the user context was already known |

How to extract data from the JWT

import jwt from 'jsonwebtoken';

const attestation = 'attestation received from SDK';
const secret = 'your clientSecret';
// jwt.verify throws if the signature is invalid or the token has expired
const attestationData = jwt.verify(attestation, secret);

console.log(attestationData);
/* Log:
{
attemptId: "6018d4da5ea6db000849a669"
exp: 1612240210
iat: 1612240090
isAuthorized: true
isNewContext: false
peopleId: "[cpf]"
policyId: "[policy id]"
}
*/

Authorization check

const { isAuthorized, isNewContext } = attestationData;

if (isAuthorized && !isNewContext) {
  // authorized user with no verification required
} else if (isAuthorized && isNewContext) {
  // authorized user after verification
}
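
The backend check described above, written out end to end as an added example (not code from the Identity SDK documentation). It uses only Node's built-in crypto so it runs without dependencies, and it fails closed on any problem. Assumptions: the attestation is signed with HS256 (the page only says it is signed with your clientSecret), and checkAttestation, signSample and expectedPeopleId are hypothetical names.

```javascript
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const parse = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Verify an attestation and map it to an access decision.
// Assumption: HS256; the page does not name the signing algorithm.
// expectedPeopleId: the CPF of the account this login attempt is for (added check).
function checkAttestation(attestation, clientSecret, expectedPeopleId, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(attestation).split('.');
  if (parts.length !== 3) return 'deny';
  const [h, p, sig] = parts;
  let header, claims;
  try { header = parse(h); claims = parse(p); } catch { return 'deny'; }
  if (!header || !claims) return 'deny';
  // Pin the algorithm: never let the token header choose it (rejects "none").
  if (header.alg !== 'HS256') return 'deny';
  const expected = crypto.createHmac('sha256', clientSecret).update(`${h}.${p}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return 'deny';
  // Attestations are short-lived (exp - iat is 120 s in the page's sample log).
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return 'deny';
  // Bind the attestation to the account being logged in to.
  if (claims.peopleId !== expectedPeopleId) return 'deny';
  // Require real booleans so a missing or string-typed claim cannot pass.
  if (claims.isAuthorized !== true || typeof claims.isNewContext !== 'boolean') return 'deny';
  return claims.isNewContext ? 'allow-after-verification' : 'allow';
}

// Constructed helper that builds sample tokens for this demo; real ones come from the SDK.
function signSample(claims, secret, alg = 'HS256') {
  const h = b64url(JSON.stringify({ alg, typ: 'JWT' }));
  const p = b64url(JSON.stringify(claims));
  const sig = alg === 'none' ? '' : b64url(crypto.createHmac('sha256', secret).update(`${h}.${p}`).digest());
  return `${h}.${p}.${sig}`;
}

// Constructed sample using the field names from the page's log.
const demoSecret = 'constructed-secret-not-a-real-clientSecret';
const demoToken = signSample({ peopleId: '[cpf]', isAuthorized: true, isNewContext: true,
  exp: Math.floor(Date.now() / 1000) + 120 }, demoSecret);
console.log(checkAttestation(demoToken, demoSecret, '[cpf]'));
```

With jsonwebtoken, the algorithm can be pinned the same way by passing `{ algorithms: ['HS256'] }` as the third argument to `jwt.verify`, under the same HS256 assumption.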