Claims Reference
Claims are name/value pairs issued in tokens or returned by UserInfo to describe the authenticated subject, client, tenant, or authorization context.
Common Claims
| Claim | Description |
|---|---|
| sub | Stable subject identifier |
| iss | Token issuer |
| aud | Intended audience |
| exp | Expiration timestamp |
| iat | Issued-at timestamp |
| client_id | OAuth client identifier |
| scope | Granted scopes |
| tenant_id | Tenant context when applicable |
| role | Assigned role or roles |
| email | User email address when released |
| name | Display name when released |
Common Pitfalls
- Expecting every claim to appear in every token type.
- Using display claims such as `name` or `email` as stable identifiers.
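One way a relying service can avoid both pitfalls, shown as an added example (not code from this product): it keys accounts on `iss` plus `sub` and treats every other claim as optional. It assumes the token signature has already been verified; `EXPECTED_ISS`, `EXPECTED_AUD`, `principal_from_claims` and the sample values are hypothetical.

```python
import time

# Constructed values for this example; substitute your issuer and audience.
EXPECTED_ISS = "https://idp.example.test"
EXPECTED_AUD = "orders-api"


class ClaimError(ValueError):
    """Raised when a required claim is missing or fails a check."""


def as_list(value):
    """Normalize a claim that may be one string or a list (aud, role)."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def principal_from_claims(claims, now=None):
    """Build an authorization context from signature-verified claims."""
    now = time.time() if now is None else now
    for required in ("iss", "sub", "aud", "exp"):
        if required not in claims:
            raise ClaimError(f"missing required claim: {required}")
    if claims["iss"] != EXPECTED_ISS:
        raise ClaimError("unexpected issuer")
    if EXPECTED_AUD not in as_list(claims["aud"]):
        raise ClaimError("token not intended for this audience")
    exp = claims["exp"]
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or now >= exp:
        raise ClaimError("token expired or exp malformed")
    # Assumption: scope is a space-delimited string; a list is also accepted.
    scope = claims.get("scope", "")
    return {
        # Stable key: sub is only unique within one issuer, so pair them.
        "account_key": (claims["iss"], claims["sub"]),
        "scopes": set(scope.split() if isinstance(scope, str) else scope),
        "roles": as_list(claims.get("role")),
        "tenant_id": claims.get("tenant_id"),
        # Display-only: may be absent from this token type or change later.
        "display_name": claims.get("name"),
        "email": claims.get("email"),
    }
```
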
Troubleshooting
- If claims are missing, verify requested scopes, user profile data, and token mapping policy.