The id_token I get at the end of the OAuth exchange has the following:
    "id_token": {
        "aud":"xxx.apps.googleusercontent.com",
        "email_verified":true,
        "iss":"accounts.google.com",
        "email":"[email protected]",
        "iat":1234,
        "exp":1234,
        "azp":"xxx.apps.googleusercontent.com",
        "at_hash":"xxxy",
        "sub":"1243"
    }
I wanted to know what these stand for? More importantly, which of these fields can I use as a primary key (id)?
Google adheres to the OpenID Connect standard which defines the id_token. So you can find the meaning in that specification here: http://openid.net/specs/openid-connect-core-1_0.html#IDToken

Furthermore email and email_verified are standardized claims, found here: http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims

So you'll notice that the sub is the primary key, which is unique per user over time at least within the scope of the Provider. E-mail is not, because it may be reassigned at some point.
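
One way to apply this when storing users, as an added example that is not part of the original answer: accounts are keyed on (iss, sub) and email is kept only as an attribute. The function names and the in-memory dict are hypothetical, and the claims are assumed to come from an ID token whose signature has already been verified.

```python
import time

# Google documents both spellings as valid "iss" values for its ID tokens,
# so they are normalised to one form to avoid duplicate accounts.
GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}
CANONICAL_ISS = "https://accounts.google.com"

# Constructed sample claims, modelled on the token shown in the question.
SAMPLE_CLAIMS = {
    "aud": "xxx.apps.googleusercontent.com", "iss": "accounts.google.com",
    "email": "old@example.com", "email_verified": True,
    "iat": 1000, "exp": 2000, "sub": "1243",
}


class ClaimError(ValueError):
    """Raised when the ID token claims must not be trusted."""


def account_key(claims, client_id, now=None):
    """Return the stable (issuer, subject) key for signature-verified claims."""
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise ClaimError("unexpected issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ClaimError("token was issued to a different client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ClaimError("token expired or exp missing")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise ClaimError("missing sub")
    return (CANONICAL_ISS, sub)


def upsert_user(users, claims, client_id, now=None):
    """Find or create the account by (iss, sub); email is only an attribute."""
    key = account_key(claims, client_id, now)
    record = users.setdefault(key, {})
    # Store the address only when the provider marks it verified.
    verified = claims.get("email_verified") is True
    record["email"] = claims.get("email") if verified else None
    return key, record
```
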