Consent token details

The result of a consent is a JWT (JSON web token) with data about the given consent. 

Use the discovery endpoint to find the URL for the token endpoint.

[E-Consent host]/e-consent/.well-known/openid-configuration

The response from the endpoint is a JSON structure with standard OIDC fields access_token, token_type, refresh_token, expires_in. In addition there is a field with the same name as the token name used in custom_claims section of the request. The value for this field is a signed JWT. The payload of the JWT contains the following fields:

Field​Description
sub​Subject identifier, the ID of the signer. If possible, E-Consent extracts the SSN (social security number) during the signing or identification.
​iss​The url of the issuer. The base of the redirect_url to the authorization endpoint is used.
​exp​When the token expires as UNIX stamp.
​iat​When the token was issued as UNIX stamp.
​aud​Space separated list of audience/who can use the token. For now, only the ID of the requesting client_i​d is added.
​auth_time​Time of when the user authenticated as UNIX stamp.
​amr​Authentication methods used (e.g. "E-signing", "BankID mobile" ..).
​scope​The operation that the token can be used for. Same as the input scope to the authorization endpoint.
​... rest of claims​The custom claims as passed to the authorization endpoint.