The result of a consent is a JWT (JSON web token) with data about the given consent.
Use the discovery endpoint to find the URL for the token endpoint.
[E-Consent host]/e-consent/.well-known/openid-configuration
The response from the endpoint is a JSON structure with the standard OIDC fields access_token, token_type, refresh_token and expires_in. In addition, there is a field with the same name as the token name used in the custom_claims section of the request. The value of this field is a signed JWT. The payload of the JWT contains the following fields:
| Field | Description |
|---|---|
| sub | Subject identifier, the ID of the signer. If possible, E-Consent extracts the SSN (social security number) during the signing or identification. |
| iss | The URL of the issuer. The base of the redirect_url to the authorization endpoint is used. |
| exp | When the token expires, as a UNIX timestamp. |
| iat | When the token was issued, as a UNIX timestamp. |
| aud | Space-separated list of audiences (who can use the token). For now, only the ID of the requesting client_id is added. |
| auth_time | Time when the user authenticated, as a UNIX timestamp. |
| amr | Authentication methods used (e.g. "E-signing", "BankID mobile", ...). |
| scope | The operation that the token can be used for. Same as the input scope to the authorization endpoint. |
| ... rest of claims | The custom claims as passed to the authorization endpoint. |
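
A client should check these claims before acting on a consent. The following is an added example, not E-Consent's own code: it assumes the JWT signature has already been verified with a JWT library, and that custom claims come back as top-level claims with unchanged values. The function names, the error class and all sample values are hypothetical.

```python
import time

REQUIRED = {"sub", "iss", "exp", "iat", "aud", "auth_time", "amr", "scope"}

class ConsentTokenError(ValueError):
    """Raised when a consent token payload fails a check."""

def consent_jwt_from_response(response, token_name):
    """Pick the signed consent JWT out of the token endpoint's JSON response."""
    jwt = response.get(token_name)
    if not isinstance(jwt, str) or jwt.count(".") != 2:
        raise ConsentTokenError(f"no compact JWT in field {token_name!r}")
    return jwt

def validate_consent_claims(claims, *, client_id, issuer, scope,
                            custom_claims, now=None, leeway=60):
    """Validate an already signature-verified payload; return the signer ID."""
    now = int(time.time()) if now is None else now
    missing = REQUIRED - claims.keys()
    if missing:
        raise ConsentTokenError(f"missing claims: {sorted(missing)}")
    if claims["iss"] != issuer:
        raise ConsentTokenError("unexpected issuer")
    # aud is a space-separated string here, so split before comparing.
    if client_id not in str(claims["aud"]).split():
        raise ConsentTokenError("token not issued for this client_id")
    if claims["exp"] + leeway <= now:
        raise ConsentTokenError("token expired")
    if max(claims["iat"], claims["auth_time"]) > now + leeway:
        raise ConsentTokenError("iat/auth_time lies in the future")
    if claims["scope"] != scope:
        raise ConsentTokenError("scope differs from the requested scope")
    # Assumption: custom claims come back as top-level claims, values unchanged.
    for name, expected in custom_claims.items():
        if claims.get(name) != expected:
            raise ConsentTokenError(f"custom claim {name!r} was altered or dropped")
    return claims["sub"]

# Constructed sample payload (not real E-Consent output).
SAMPLE = {
    "sub": "signer-123", "iss": "https://econsent.example",
    "exp": 1_700_003_600, "iat": 1_700_000_000, "auth_time": 1_699_999_990,
    "aud": "my-client", "amr": ["BankID mobile"], "scope": "consent",
    "account": "12345",
}
```

Because aud is a space-separated string rather than a JSON array, a generic library audience check may not match it once more than one audience is listed; splitting first avoids both false rejects and substring matches.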