!!! Overview

%%information
[Google]'s [{$pagename}] __does NOT__ conform to the [OpenID Connect] [Identity Token] specification. 
%%
The __REQUIRED__ sub parameter is missing!


%%information
[Google]'s [{$pagename}] __does NOT__ conform to the [JSON Web Token Claims] specification. 
%%
The __user_id__ parameter is not a registered [JSON Web Token Claim]. 

The __user_id__ is the identifier of the user at the [Identity Provider (IDP)]. 

The user_id field in the Identity Toolkit ID Token is a global identifier, unique across all IDPs, for this user, in the context of your site or app. It is not shared with other sites or apps which use Identity Toolkit. In other words, Identity Toolkit does not provide a global identifier across different developers (relying parties).

When a user signs in successfully on an [Identity Toolkit]-enabled site, [Identity Toolkit]’s widgets set a cookie named “gtoken”. It is a [JSON Web Token] ([JWT]), a [cryptographically-signed|digital Signature] [JSON] object encoded in [base 64]. The [Identity Toolkit] [JWT] is very similar to an [OpenID Connect] [ID token|Identity Token] and we will refer to this as the [Identity Toolkit ID Token]. 

!!Decoding the Identity Toolkit ID Token

An ID Token is a JWT containing a set of name/value pairs. Here’s an example:
%%prettify 
{{{
{
    "iss" : "https://identitytoolkit.google.com/",
    "user_id" : "829A8CD24E",
    "aud" : "622215261071.apps.googleusercontent.com",
    "provider_id" : "google.com",
    "iat" : 1408553860,
    "exp" : 1409763460,
    "email" : "jsmith@example.com",
    "verified": "true" 
}
}}}
/%

The fields used by Identity Toolkit are:
%%zebra-table
%%sortable
%%table-filter
||Parameter||Present?||Description
|iss|always|The Issuer Identifier for the Issuer of the response. This will always be "https://identitytoolkit.google.com/".
|user_id|always|The user’s local ID on your site. Identity Toolkit will generate new user_id numbers once you begin to use it for new user sign-ups.
|aud|always|Identifies the audience that this ID Token is intended for. It must be one of the OAuth 2.0 Client IDs of your application.
|provider_id|sometimes|The base URL of the identity provider.
|iat|always|An integer giving the time the ID token was issued, in seconds since the beginning of 1970, UTC.
|exp|always|An integer giving the time the ID Token expires, in seconds since the beginning of 1970, UTC.
|email|sometimes|The user’s email address. This may not be unique and is not suitable for use as a primary key.
|verified|sometimes|True if the user's e-mail address has been verified; otherwise false. If the user goes through the Identity Toolkit email recovery flow and activates the URL, Identity Toolkit will mark this as verified.
/%
/%
/%
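
The claim checks implied by the table above, as an added example (not code from Google or from this page): it decodes the payload segment and validates the fields marked "always", keying the user on user_id because no sub claim is present. The function names, the 300-second clock-skew allowance and the unsigned sample token are assumptions; the signature must already have been verified by a JWT library before these results are trusted.

```python
import base64
import json
import time

ISSUER = "https://identitytoolkit.google.com/"  # fixed iss value from the table
REQUIRED = ("iss", "user_id", "aud", "iat", "exp")  # rows marked "always"; no sub

def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims):
    """Constructed, UNSIGNED demo token; the third segment is a placeholder."""
    return ".".join([_b64url({"typ": "JWT"}), _b64url(claims), "c2ln"])

def decode_payload(token):
    """Decode the payload segment of a compact JWT; does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(segment))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def check_claims(claims, client_ids, now=None, skew=300):
    """Return a list of problems; an empty list means the claims pass."""
    now = time.time() if now is None else now
    problems = ["missing " + n for n in REQUIRED if n not in claims]
    if problems:
        return problems
    if claims["iss"] != ISSUER:
        problems.append("unexpected iss")
    if not isinstance(claims["aud"], str) or claims["aud"] not in client_ids:
        problems.append("aud is not one of our client IDs")
    if claims["user_id"] in ("", None):
        problems.append("empty user_id")
    if not all(isinstance(claims[k], int) for k in ("iat", "exp")):
        problems.append("iat/exp must be integers")
    elif claims["exp"] <= now - skew:
        problems.append("token expired")
    elif claims["iat"] > now + skew:
        problems.append("iat is in the future")
    return problems

SAMPLE = {"iss": ISSUER, "user_id": "829A8CD24E", "iat": 1408553860,  # constructed
          "exp": 1409763460, "aud": "622215261071.apps.googleusercontent.com",
          "provider_id": "google.com", "email": "jsmith@example.com", "verified": "true"}
```

A generic OpenID Connect validator that insists on sub would reject this token, which is why the required set here is built from the table rather than from the OpenID Connect specification.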



!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]