JWT

JWT Signing

The JWT from the User Aptitude will be signed with a RS256 key. The corresponding public key can be used to validate the signature of the JWT. This will verify that the JWT was generated by the User Aptitude. The public key for this validation can be found in the LDK repo at this location (raw value here).

JWT Claims

The claims in the JWT are as follows:

Standard Claims

• sub (Subject): contains the unique user ID of the current Olive Helps user.

• exp (Expiration): the token is set to expire 5 minutes from the time of its creation.

• iss (Issuer): the endpoint from which the token was requested. This should be https://sidekick.oliveai.com/api/user/createJWT.

• iat (Issued At): identifies the time at which the JWT was issued.

Additional Claims

• azp (Authorized Party): a domain that contains the ID of the Loop which requested the JWT. Follows this convention: ${loop ID}.loop.oliveai.com

Optional Claims

• email: contains the email address of the current Olive Helps user. This claim can be requested by passing true as the value of the includeEmail parameter within the JWTConfig object (with the required permission).

• fullName: contains the full name of the current Olive Helps user. This claim can be requested by passing true as the value of the fullName parameter within the JWTConfig object (with the required permission).

• organizationId: contains the organization ID of the current Olive Helps user. This claim can be requested by passing true as the value of the organizationId parameter within the JWTConfig object (with the required permission).

• organizationName: contains the organization name of the current Olive Helps user. This claim can be requested by passing true as the value of the organizationName parameter within the JWTConfig object (with the required permission).