id_token Attributes

Attribute	Description
sub	The unique user ID.
iss	The CONNECT URL, using the publisher specific sub-domain.
exp	The expiration of the token (currently 30 days from issue time).
iat	The token issue time.
type	The possible values are: join: when the user has not logged in before (is not connected to the domain) pre-registered: when the user is in a pre-registered state registered: for normal users
aud	The user did not authorize the application or did not confirm the registration.
nonce	The nonce received in the authorization request is sent back to the application in the id_token.
sid	The session ID of the user on CONNECT.
email	The primary email address of the user.
email_verified	The verification state of the primary email address. It is always set to "true" as all emails are verified.
address	The country of the user.
emails	The list of all email addresses of the user.
Family_name	The last name.
Given_name	The first name.
Middle_name	The middle name (if it exists).
name	The concatenation of first, middle, and last name.
orcid_id	The orcid_id (if it exists).
isMarketable	Boolean value to indicate if the user has provided marketing consent for this publisher.
user_interaction	The possible values, depending on the flow the user followed during authentication, are: register login join This attribute can be used to distinguish new user registrations (register or join) from logins (login). New user registration can be further separated between entirely new user registration (register) and users that register with the publisher by linking their existing CONNECT profile with the publisher for the first time.
login_method	Single string value that is either email or the IdP provider that was used to log in or register (requires login_method scope).
ids	Secondary IDs of a user (requires identity_ids scope). It has the following format: `[ { "idName":"idValue" } ]`
affiliations	List of user’s affiliations (requires affiliations scope). It has the following format: `[ { “description”:”institution name”, “value”:”[email protected]” “type”:”email” “created”:”123244” “remaining”:”43432” } ]`

sub

The unique user ID.

iss

The CONNECT URL, using the publisher specific sub-domain.

exp

The expiration of the token (currently 30 days from issue time).

iat

The token issue time.

type

The possible values are:

join: when the user has not logged in before (is not connected to the domain)
pre-registered: when the user is in a pre-registered state
registered: for normal users

aud

The user did not authorize the application or did not confirm the registration.

nonce

The nonce received in the authorization request is sent back to the application in the id_token.

sid

The session ID of the user on CONNECT.

email

The primary email address of the user.

email_verified

The verification state of the primary email address. It is always set to "true" as all emails are verified.

address

The country of the user.

emails

The list of all email addresses of the user.

Family_name

The last name.

Given_name

The first name.

Middle_name

The middle name (if it exists).

name

The concatenation of first, middle, and last name.

orcid_id

The orcid_id (if it exists).

isMarketable

Boolean value to indicate if the user has provided marketing consent for this publisher.

user_interaction

The possible values, depending on the flow the user followed during authentication, are:

register
login
join

This attribute can be used to distinguish new user registrations (register or join) from logins (login). New user registration can be further separated between entirely new user registration (register) and users that register with the publisher by linking their existing CONNECT profile with the publisher for the first time.

login_method

Single string value that is either email or the IdP provider that was used to log in or register (requires login_method scope).

ids

Secondary IDs of a user (requires identity_ids scope). It has the following format:

[ 
  { 
     "idName":"idValue" 
  } 
]

affiliations

List of user’s affiliations (requires affiliations scope). It has the following format:

[ 
  { 
     “description”:”institution name”, 
     “value”:”[email protected]” 
     “type”:”email” 
     “created”:”123244” 
     “remaining”:”43432” 
  } 
]