OIDCClaimName
org.sagebionetworks.repo.model.oauth.OIDCClaimName
The OIDC claims supported by Synapse some of which are standardized in OpenID Connect Core 1.0 Standard Claims
Enumeration
| name | description |
|---|---|
| iss | The OIDC Provider, Synapse |
| sub | The user whose identity is shared and whose resources are accessed |
| aud | The ID of the OIDC client application |
| iat | Issued At timestamp |
| nbf | Not Before timestamp |
| exp | Expiration timestamp |
| auth_time | The timestamp for the event in which the user most recently logged in to Synapse |
| The user's email address | |
| email_verified | Whether the email was verified as belonging to the user. (Always true for Synapse.) |
| given_name | The subject's first name |
| family_name | The subject's last name |
| company | The subject's company/employer |
| team | The id(s) of Synapse teams of which the subject is a member, taken from a list of IDs presented by the client |
| userid | The immutable principal ID referencing the Synapse user |
| user_name | The Synapse user name |
| orcid | The ORCID linked to the user account |
| is_certified | Whether the user is certified. See https://help.synapse.org/docs/Synapse-User-Account-Types.2007072795.html#SynapseUserAccountTypes-CertifiedUser |
| is_validated | Whether the user is validated. See https://help.synapse.org/docs/Synapse-User-Account-Types.2007072795.html#SynapseUserAccountTypes-ValidatedUsers |
| validated_given_name | The validated first name, if the user is validated. See https://help.synapse.org/docs/Synapse-User-Account-Types.2007072795.html#SynapseUserAccountTypes-ValidatedUsers |
| validated_family_name | The validated last name, if the user is validated. See https://help.synapse.org/docs/Synapse-User-Account-Types.2007072795.html#SynapseUserAccountTypes-ValidatedUsers |
| validated_location | The validated location, if the user is validated. See https://help.synapse.org/docs/Synapse-User-Account-Types.2007072795.html#SynapseUserAccountTypes-ValidatedUsers |
| validated_email | The validated email, if the user is validated. See https://help.synapse.org/docs/Synapse-User-Account-Types.2007072795.html#SynapseUserAccountTypes-ValidatedUsers |
| validated_company | The validated company/organization, if the user is validated. See https://help.synapse.org/docs/Synapse-User-Account-Types.2007072795.html#SynapseUserAccountTypes-ValidatedUsers |
| validated_orcid | The validated ORCID, if the user is validated. See https://help.synapse.org/docs/Synapse-User-Account-Types.2007072795.html#SynapseUserAccountTypes-ValidatedUsers |
| validated_at | The timestamp (seconds since the epoch) when validation occurred. See https://help.synapse.org/docs/Synapse-User-Account-Types.2007072795.html#SynapseUserAccountTypes-ValidatedUsers |
| refresh_token_id | The ID of the OAuth 2 refresh token affiliated with this access token, if one exists. |
| token_type | The TokenType of this token. |
| ga4gh_passport_v1 | GA4GH Passport |