Tokens

Access Tokens
Access Token consists of three Base64 encoded blocks:
1. Header
{
 "alg": "HS256",
 "typ": "JWT",
 "kid": "acd744c3-aed3-4d10-886a-72b540f86e9a"
}
2. Payload
{
  "exp": 1679823551,
  "iat": 1679819951,
  "auth_time": 1679819951,
  "jti": "33fe7266-d966-4e48-b563-9ecae7c1e751",
  "iss": "https://login.hypersecureid.com/auth/realms/HyperID",
  "sub": "916e0e2e-46d9-4b80-8856-dd9fedb1b723",
  "typ": "Bearer",
  "azp": "client-service-app",
  "scope": "openid email keys auth",
  "sid": "995c78ad-ebfe-4aaf-97bd-1948ec19d371",
  "wallet_address": "0x…",
  "wallet_chain_id": "1",
  "email_verified": true,
  "email": "[email protected]"
}
, where the parameters mean the following:
Parameter name
Value 
Description
exp
1679823551
expiration time (seconds since Unix epoch)
iat
1679819951
issued at(seconds since Unix epoch)
auth_time
1679819951
when auth occurred
jti
33fe7266-d966-4e48-b563-9ecae7c1e751
jwt ID
iss
​https://login.hypersecureid.com/auth/realms/HyperID​
the issuer
sub
916e0e2e-46d9-4b80-8856-dd9fedb1b723
subject (userID)
typ
Bearer
type of a token
azp
client-service-app
authorized party (clientID)
scope
openid email keys auth
-
sid
995c78ad-ebfe-4aaf-97bd-1948ec19d371
sessionID
wallet_address
0x…
an optional wallet address used for authorization
wallet_chain_id
1
-
email_verified
true
-
email
[email protected]
-
3. Signature
Client_Secret
HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  Your-256-bit-client-secret
) secret base64 encoded
RSA
RSASHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  Client-private-key-or-certificate  
)
Refresh Tokens
Token refresh consists of three Base64 encoded blocks:
1. Header
{
 "alg": "HS256",
 "typ": "JWT",
 "kid": "acd744c3-aed3-4d10-886a-72b540f86e9a"
}
2. Payload
{
  "exp": 1679823551,
  "iat": 1679819951,
  "jti": "9f518a21-66e1-4ab2-9771-d32c63ca878d",
  "iss": "https://login.hypersecureid.com/auth/realms/HyperID",
  "aud": "https://login.hypersecureid.com/auth/realms/HyperID",
  "sub": "916e0e2e-46d9-4b80-8856-dd9fedb1b723",
  "typ": "Refresh",
  "azp": "client-service-app",
  "scope": "openid email keys auth",
  "sid": "995c78ad-ebfe-4aaf-97bd-1948ec19d371"
}
, where the parameters mean the following:
Parameter name
Value
Description
exp
679823551
expiration time (seconds since Unix epoch)
iat
1679819951
issued at(seconds since Unix epoch)
jti
9f518a21-66e1-4ab2-9771-d32c63ca878d
jwt ID
iss
​https://login.hypersecureid.com/auth/realms/HyperID​
the issuer
aud
​https://login.hypersecureid.com/auth/realms/HyperID​
a target audience (who or what tokens are issued for)
sub
916e0e2e-46d9-4b80-8856-dd9fedb1b723
-
typ
Refresh
the type of a token
azp
client-service-app
authorized party (clientID)
scope
openid email keys auth
-
sid
995c78ad-ebfe-4aaf-97bd-1948ec19d371
sessionID
3. Signature
Client Secret
HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  Your-256-bit-client-secret
) secret base64 encoded
​
RSA
RSASHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  Client-private-key-or-certificate  
)

Parameter name	Value	Description
exp	1679823551	expiration time (seconds since Unix epoch)
iat	1679819951	issued at(seconds since Unix epoch)
auth_time	1679819951	when auth occurred
jti	33fe7266-d966-4e48-b563-9ecae7c1e751	jwt ID
iss	https://login.hypersecureid.com/auth/realms/HyperID	the issuer
sub	916e0e2e-46d9-4b80-8856-dd9fedb1b723	subject (userID)
typ	Bearer	type of a token
azp	client-service-app	authorized party (clientID)
scope	openid email keys auth	-
sid	995c78ad-ebfe-4aaf-97bd-1948ec19d371	sessionID
wallet_address	0x…	an optional wallet address used for authorization
wallet_chain_id	1	-
email_verified	true	-
email	[email protected]	-

Parameter name	Value	Description
exp	679823551	expiration time (seconds since Unix epoch)
iat	1679819951	issued at(seconds since Unix epoch)
jti	9f518a21-66e1-4ab2-9771-d32c63ca878d	jwt ID
iss	https://login.hypersecureid.com/auth/realms/HyperID	the issuer
aud	https://login.hypersecureid.com/auth/realms/HyperID	a target audience (who or what tokens are issued for)
sub	916e0e2e-46d9-4b80-8856-dd9fedb1b723	-
typ	Refresh	the type of a token
azp	client-service-app	authorized party (clientID)
scope	openid email keys auth	-
sid	995c78ad-ebfe-4aaf-97bd-1948ec19d371	sessionID

Last modified 24d ago