Info
This document is valid from ICM 7.10.22.0.
This reference describes the several token types used within or accepted by Intershop Commerce Management (ICM).
Term | Description |
---|---|
JWT | JSON Web Token |
Token Type | Description |
---|---|
ID Token | A token containing information about a user's identity |
Access Token | A token granting access to a certain resource |
Refresh Token | A token granting access to a resource that allows to request new ID and access tokens |
All ID tokens support the following required (payload) claims:
Claim | Description | Example |
---|---|---|
iss | Issuer of this token | https://server.example.com |
sub | Subject of this token (e.g. user id) | 24400320 |
aud | Audience (mostly the client id) | s6BhdRkqt3 |
exp | Expiration date (syntax defined by RFC3339) | 1311281970 |
iat | "issued at"-date (syntax defined by RFC3339) | 1311280970 |
The ICM server maps ID token claims to the user's profile data:
Claim | Profile Attribute |
---|---|
given_name | firstName |
family_name | lastName |
nickname | nickname |
gender | gender |
birthdate | birthdate |
phone_number | phoneNumber |
The ICM server maps ID token claims to the user's profile data:
Claim | Profile Attribute |
---|---|
given_name | firstName |
family_name | lastName |
nickname | nickname |
gender | gender |
birthdate | birthdate |
phone_number | phoneNumber |
login | Built using the pattern: externalUserName + "#" + externalUserId + "@" + identityProviderId with:
|
The ICM supports JWT Token creation ("token" resource). These JWT are filled using the following data:
Profile Attribute | Claim |
---|---|
profileID | user_id |
firstName + <space> + lastName | name |
firstName | given_name |
lastName | family_name |
login | preferred_username |
Other required claims are set with the following values or data:
Claim | Resolved |
---|---|
sub (subject) | user_id |
iss (issuer) | web-server-secure-URL |
aud (audience) | "ICMClient" |
exp (expires) | creation date + life time |
iat (issued at) | current date |
nonce | A uuid |
The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.