The Compact JWS token entity

A compact JWS (JSON Web Signature) token object used to authenticate a staff member to an inTandem app via a JWKS (JSON Web Key Set) process. The token is signed by the staff's private key and can be verified using the platform's public key. It contains information about the staff member, the actor generating the token, and the app.

Properties

Example

{
    "uid": "eyJ0eXAiOiJKV1QiLA0KIC",
    "token": "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
    "expiry_date": "2021-07-20T14:00:00.000Z",
  	"app_code_name": "quickbooks"
}

 

Sample content of an unpacked token

{  
    "token": {
        "business_uid": "762pz89b34jv4fv0",
        "directory_uid": "inlo4rm3ntd886s6",
        "actor_uid": "300",
        "actor_type": "admin",
        "sub": "3ka35wxrqmjmny2w",
        "sub_type": "staff",
        "iss": "intandem",
        "aud": "test-app",
        "kid": "535bce9a-ce95-4a48-80e8-a0460b4c4c56",
        "iat": 1736771778,
        "exp": 1736772078,
        "jti": "0.269nwvrbckz"
    }  
}

• business_uid - the uid of the business account using this token
• directory_uid - the uid of the directory the business account belongs to
• actor_uid - the actor sending this message. same as sub, if this is not an impersonation session
• actor_type - the actor type (typically staff, can be directory or operator if impersonating)
• sub- the token subject, i.e. the staff ID
• sub_type - the type of actor of the subject (typically staff)
• iss- the token issuer, typically “inTandem”
• aud- the token audience, this is the app code name
• kid- id of the key used to sign the JWT (useful for verifying the token)
• iat- the token issuance timestamp
• exp- the token expiry date (i.e. the iat plus the hardcoded ticket expiration duration)
• jti- the token identifier