TokenX reference¶
Claims¶
In addition to the standard claims, tokens from TokenX include the following claims:
| Claim | Description |
|---|---|
idp |
The original issuer of the subject token |
client_id |
The consumer's client_id. Follows the naming scheme <cluster>:<namespace>:<appname> |
Other claims such as pid are copied verbatim from the original token issued by ID-porten.
Claim Mappings¶
Some claims are mapped to a different value for legacy/compatibility reasons.
The table below shows the claim mappings:
| Claim | Original Value | Mapped Value |
|---|---|---|
acr |
idporten-loa-substantial |
Level3 |
acr |
idporten-loa-high |
Level4 |
The mappings will be removed at some point in the future.
If you're using the acr claim in any way, check for both the original and mapped values.
Runtime Variables & Credentials¶
Your application will automatically be injected with environment variables at runtime.
Variables for acquiring tokens¶
These variables are used to 
consume an API:
| Name | Description |
|---|---|
TOKEN_X_CLIENT_ID |
Client ID that uniquely identifies the application in TokenX. |
TOKEN_X_PRIVATE_JWK |
Private JWK containing an RSA key belonging to client. |
TOKEN_X_TOKEN_ENDPOINT |
token_endpoint from the metadata discovery document. |
Variables for validating tokens¶
These variables are used to secure your API:
| Name | Description |
|---|---|
TOKEN_X_CLIENT_ID |
Client ID that uniquely identifies the application in TokenX. |
TOKEN_X_WELL_KNOWN_URL |
The URL for Tokendings' metadata discovery document. |
TOKEN_X_ISSUER |
issuer from the metadata discovery document. |
TOKEN_X_JWKS_URI |
jwks_uri from the metadata discovery document. |
Spec¶
See the 
NAIS application reference.