A key received by the application on behalf of a logged on user. Should contain information about the user, it's roles and parameters for access control in the application and subordinate services that the application would want to use on behalf of the logged on user.
XML for readability. 1-1 relation to a SAML2 token if that is needed.
- Customer reference
- Name (duplicate of customer name)
- user credentials
- 2 factor endpoint (cell phone number)
- 0. 3rd party tokens (FB, NetIQ, OAUTH2), Pin-Login, Pin-signup and persistent cookie(s)
- 1. username & password
- 2. 2 factor auth
- 3. EID
- 4. BankID
- (last seen)
We recommend using XPath to extract data from a UserToken. Some UserToken XPATH Examples
This ensures that existing applications will not be affected when content/structure needs to be changed when introducing new applications.
Note: As of Whydah 2.1, the returned UserToken is filtered through an applicationTokenID, and will thus only return the roles of the application it is sent to