Skip to content

TokenX reference

Claims

In addition to the standard claims, tokens from TokenX include the following claims:

Claim Description
idp The original issuer of the subject token
client_id The consumer's client_id. Follows the naming scheme <cluster>:<namespace>:<appname>

Other claims such as pid are copied verbatim from the original token issued by ID-porten.

Claim Mappings

Some claims are mapped to a different value for legacy/compatibility reasons.

The table below shows the claim mappings:

Claim Original Value Mapped Value
acr idporten-loa-substantial Level3
acr idporten-loa-high Level4

The mappings will be removed at some point in the future. If you're using the acr claim in any way, check for both the original and mapped values.

Runtime Variables & Credentials

Your application will automatically be injected with environment variables at runtime.

Variables for acquiring tokens

These variables are used to 🎯 consume an API:

Name Description
TOKEN_X_CLIENT_ID Client ID that uniquely identifies the application in TokenX.
TOKEN_X_PRIVATE_JWK Private JWK containing an RSA key belonging to client.
TOKEN_X_TOKEN_ENDPOINT token_endpoint from the metadata discovery document.

Variables for validating tokens

These variables are used to 🎯 secure your API:

Name Description
TOKEN_X_CLIENT_ID Client ID that uniquely identifies the application in TokenX.
TOKEN_X_WELL_KNOWN_URL The URL for Tokendings' metadata discovery document.
TOKEN_X_ISSUER issuer from the metadata discovery document.
TOKEN_X_JWKS_URI jwks_uri from the metadata discovery document.

Spec

See the 📚 NAIS application reference.