The Compact JWS token entity

A compact JWS (JSON Web Signature) token object used to authenticate a staff member to an inTandem app via a JWKS (JSON Web Key Set) process. The token is signed by the staff's private key and can be verified using the platform's public key. It contains information about the staff member, the actor generating the token, and the app.

Properties

Name	Description	Type	Example
uid	Unique identifier of the compactJWSToken token	string	`eyJ0eXAiOiJKV1QiLA0KIC`
token	The JWS token used to authenticate the staff member to the app. The token contains information about the staff member, the actor generating the token, and the app itself.	string	`eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk`
expiry_date	the date in which the token will expire	date-time	2021-07-20T14:00:00.000Z

Example

{
    "uid": "eyJ0eXAiOiJKV1QiLA0KIC",
    "token": "eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ.dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk",
    "expiry_date": "2021-07-20T14:00:00.000Z"
}

Sample content of an unpacked token

{  
    "token": {  
        "uid": "enaqfpnssy76rbk0",  
        "type": "staff",  
        "business_uid": "g98cudh39m8lg7bw", 
        "impersonator_uid":null, // will be null if no impersonation 
        "_origin_jwt": "eyJhbGciOiJSUzUxMiJ9.eyJpYXQiOjE3MzQ5Mzc3NDUsImV4cCI6MTczNDk0MTM0NSwiaXNzIjoiZW5hcWZwbnNzeTc2cmJrMDpzdGFmZiIsImJlbG9uZ3MiOiJnOThjdWRoMzltOGxnN2J3OmJ1c2luZXNzO2s5OGF4dHBxZzdoMXdoaDY6ZGlyZWN0b3J5Iiwic2NwIjoiYWxsIn0.hKaRpRe5jNasSL-q03uXlMJiZWh4_L_Ya5-0UnkkphyQrVYs_1th0yocv39MKLzgwm9KVSFb2olesCYG4Hsm-IuHdyKyQfoBF4FpoRi96HKuP9vTRkWw_YWvI4ibP4bgjiG08a72COeWFbxDrB6lwp3a5KqfF1bjp93EKuD7mnbkHEfK-7ax4YOx-MVO1RtXp5sdt7M8PUs5blAEjg1PZgAQKhWgAs8U-8kYJQNFYRAZ1OdBMtDPRpCTpJJjhKT55KisUsTT1vUPQMg25ZI6UVU9Qi3GaSQGCTpjkLglmvfNj8Jw4AF_OJdaOlSRDJQFwm8aY3t4ZBMAV0N8zlNCqg",  
        "kid": "x0Gssv13poHjJboHHCoPSZeeplvWWqRfYSZdSL5xNA8",  
        "sub": "enaqfpnssy76rbk0",  
        "iss": "intandem",  
        "aud": "test-app",  
        "iat": 1734937745,  
        "exp": 1734938045,  
        "jti": "0.4oiv2yib6b9"  
    }  
}

uid - the actor uid
type - the actor type (typically staff)
business_uid - the uid of the business account using this token
impersonator_uid - the actor impersonating the session. null if this is not an impersonation session
kid- id of the key used to sign the JWT (useful for verifying the token)
sub- the token subject, i.e. the staff ID
iss- the token issuer, typically “inTandem”
aud- the token audience, this is the app code name
iat- the token issuance timestamp
exp- the token expiry date (i.e. the iat plus the hardcoded ticket expiration duration)
jti- the token identifier