🔑 Token Customization

The MetaKey type

A MetaKey is used to customize data about a user or an application. It's available for all in the Organization directory.

ATTRIBUTES

__domain__ ID

The __domain__ is the User's Organization domain.


name STRING

The name to describe the purpose of value that will be associated to


type ENUM

The basic type (string, integer, date ...) that the value should be compatible with.


required BOOLEAN

If set to true, all Organization users should have a metadata link to this MetaKey.

EXAMPLE
A MetaKey type

{
"__type__": "MetaKey",
"__domain__": "misapret",
"name": "department",
"type": "STRING",
"required": "true"
}

The JwtSample type

When an OAuth session is created (after a successful Magic link or SSO Connection process), JWTs are generated to authenticate and identify the user.

These tokens depend on the MetaKey and Metadata associated with resources (user and application, for example).

The JwtSample type shows the current structure of the JWTs that will be generated for your end-user sessions.

ATTRIBUTES

__domain__ ID

The __domain__ is the User's Organization domain.


access_token_jwt JWT

A sample JWT access token, based on a sample user with all MetaKey registered on the Organization.


access_token_keys OBJECT

The "treeview" of keys present in the JWT access token. At its root, it contains all default keys and all keys of the MetaKey registered for the organization.


id_token_jwt OBJECT

A sample JWT ID token, based on a sample user with all MetaKey registered on the Organization.


id_token_keys OBJECT

The "treeview" of keys present in the JWT ID token. At its root, it contains all default keys and all keys of the MetaKey registered for the organization.

EXAMPLE
A JwtSample type

{
"__domain__": "shark-academy",
"__type__": "__JwtSamples__",
"access_token_jwt": "eyJhbGciOiJSUzI1NiIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6NDAwMC90L3NoYXJrLWFjYWRlbXkiLCJraWQiOiI5ZjhlNTE1MC1lNWIxLTQ4MWEtOTAyNS1mYzc2YmQ1Y2JlYmUiLCJ0eXAiOiJKV1QifQ.eyJhcHBsaWNhdGlvbl9tZXRhZGF0YSI6e30sImF1ZCI6bnVsbCwiY2lkIjpudWxsLCJkYnMiOiJkZWZhdWx0IiwiZW1haWwiOm51bGwsImV4cCI6MTY0NzMwMTg2NiwiaWF0IjoxNjQ3MjY1ODY2LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjQwMDAvdC9zaGFyay1hY2FkZW15IiwianRpIjoiZWQ3N2Y3ZDAtYTJkOS00NGI0LTgwMzItYWYxMTZjYTgxZDg0IiwianR0IjoiYWNjZXNzIiwic2NwIjpudWxsLCJzdWIiOm51bGwsInRudCI6InNoYXJrLWFjYWRlbXkiLCJ2ZXIiOjF9.OFjV1A7eKL1r9YrHNUN0cydffB4R8C2nOgbDvzyedy1-ySLYA3akponMAqwqELzMlpoCINBJrgKUTn-k346h3O8E7rx-Dav6LUF2nf_R24-ctwEY5IgpBIg72meaTqUEbrpSR8YiyR9QamnpiBcP9LEl05iQJwt49d7bwWmf6-NHcr6FWgMNcLkiJRzhUDPmhtt74gwOkXB2x8BU6I3ePxVlmAMCgUxuueaJr-OTH2_kE0StrT0VvFHBYNaCfPPpv_ssEaOjdHQecZ-b5Lv1yQSGue8j_mhfuonqJSq869XPGQpwNWI-YCyo0Ua5ST0vksUyvNJELLZLeQlXXcAYNrA4UJaAOGDUVr8TLK1d9yT7RsXTDkfYSbOIFXucjgEqZEbXmX_oLJjx8rDhxCVQNu44GYZYEKjWg0cZcLa7VaFCfZ85TlYlEMHnNfVck-eky44K-LpIYVTYDtD0njvsEI269HEJnBeNFALNfMjPdSP3q9uP7p-qv-LDTaZYFiu6CnaFoCyuUjt9Hq8U7NdWCvhekhdhITCAXLYE9Es0wh_N0AhD4nuNTBJtOk0PQT0AEWw1CqeDOZo3M4clmE-Sb0UqkUVGyFvZygxQY60QrmlLxYhnx_dxud54WyPCjM_doJPrWwMaLko8UryOj8xGST4fqlhC2tTlSLW8WqbcAdI",
"access_token_keys": [
[
"application_metadata",
[]
],
"aud",
"cid",
"dbs",
"email",
"exp",
"iat",
"iss",
"jti",
"jtt",
"scp",
"sub",
"tnt",
"ver"
],
"id_token_jwt": "eyJhbGciOiJSUzI1NiIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6NDAwMC90L3NoYXJrLWFjYWRlbXkiLCJraWQiOiI5ZjhlNTE1MC1lNWIxLTQ4MWEtOTAyNS1mYzc2YmQ1Y2JlYmUiLCJ0eXAiOiJKV1QifQ.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.klcxIBu2gggfXY-ac5EvF92RYYT0mAVSIZuWr-SqVBR2iWFhEQLRQ7IMGVCKYnOqbmKD-gRgwGAsZNj486WwkYiWjDsrdtl47dTBpKKL_UxO28zl4AnywdODXqxZEQUul40Z0mn-B9dq7SJtZmCYOK1z-9AlIr1KEY7P0FyTX-Q4TMzSFeJIqyWtPd5-x1hfGqAduuiADv0API6Lr12sylspOuweH8Hyx3xBn82tOTcdPDmjl0cIY4EBsCytXAJyzlVxjYhr8gTDJPJn5dLRnEDQsahzpwBaITI4YkoI19COfqDdf3pF-R2-s35NsVWDIt9_PeNzmFagDR4QuInwzM6-euOlhH1LU1QlISkhwu-9huWvAAR1PtRtC8T31GUTmTbIDUjjxp1z_3JRya3oRmXXIClaiVCdLWFRWzYbAkfSrFo_GFsQ90zrbwAgVPNG-BPlOKryU6bnKCTCqWPBqB1xflk3VkvJMLITpQjZ-SCuYGnKH1K_b60WoyFax2GU_Pk4E1Q8n_nSgiy2qWaxKYSRfLHfeWPGJieJz3aiM3CbI5cfdshh8UbBUUDaHEIwHyzXpq7wW_tjnCjpQdVDfXmZInJFG-5kHKhdXsqH87j2h-SLQunasF3dPc1mmXVGkZ9GcNGW6wHDXV_EzZz-ctvXvvLiv1fF87vWSgGUK2c",
"id_token_keys": [
[
"application_metadata",
[]
],
"at_hash",
"c_hash",
"dbs",
"exp",
"iat",
"iss",
"jti",
"jtt",
"nonce",
[
"resource_owner_metadata",
[
"authnmethodsreferences",
"displayname",
"email",
"emailaddress",
"first_name",
"givenname",
"identityprovider",
"last_name",
"name",
"objectGuid",
"objectidentifier",
"phone",
"saml_nameid",
"saml_subject",
"surname",
"tenantid",
"uid",
"unit_path"
]
],
"s_hash",
"tnt",
"ver"
]
}
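
Added example (not Cryptr's code): a Python sketch that flattens a "treeview" such as id_token_keys above into dotted claim paths and lists the claims missing from a reviewer-maintained allow-list, which matters because every claim in a signed (not encrypted) JWT is readable by whoever holds the token. The function names and the allow-list are assumptions; the key list is a trimmed copy of the sample above.

```python
def flatten_keys(tree, prefix=""):
    """Yield dotted claim paths from a JwtSample treeview.

    A string is a leaf claim; a [name, children] pair is a claim that
    holds nested keys (children may be an empty list)."""
    for node in tree:
        if isinstance(node, str):
            yield prefix + node
        elif (isinstance(node, list) and len(node) == 2
              and isinstance(node[0], str) and isinstance(node[1], list)):
            name, children = node
            yield prefix + name
            yield from flatten_keys(children, prefix + name + ".")
        else:
            # Fail closed on shapes this sketch does not understand
            raise ValueError(f"unexpected treeview node: {node!r}")


def unexpected_claims(tree, allowed):
    """Return, sorted, the claim paths present in the tree but not allowed."""
    return sorted(set(flatten_keys(tree)) - set(allowed))


# Trimmed copy of the id_token_keys sample shown above
ID_TOKEN_KEYS = [
    ["application_metadata", []],
    "at_hash", "exp", "iat", "iss", "nonce",
    ["resource_owner_metadata", ["email", "phone", "uid", "unit_path"]],
    "tnt", "ver",
]

# Hypothetical allow-list: the claims a review has approved for ID tokens
ALLOWED = {
    "application_metadata", "at_hash", "exp", "iat", "iss", "nonce",
    "resource_owner_metadata", "resource_owner_metadata.email",
    "resource_owner_metadata.uid", "tnt", "ver",
}

if __name__ == "__main__":
    for path in unexpected_claims(ID_TOKEN_KEYS, ALLOWED):
        print("not on allow-list:", path)
```

Running the same check on access_token_keys after each MetaKey change shows which new claims reach API consumers.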

Access Token Type

ATTRIBUTES

sub SUBJECT UUID

Reference of the resource (generally user's uuid)

See uid


iss ISSUER STRING

The issuer of the access token.

PATTERN

https://{{YOUR_CRYPTR_SERVER_URL}}/t/{{organization_domain}}


uid USER ID UUID

aud AUDIENCE STRING

The audience of the service that access token gives access to


exp EXPIRATION DATE TIME

The expiration date of the token


nbf NOT BEFORE DATE TIME

The datetime before which the access token cannot be used


iat ISSUED AT DATE TIME

The issue date of the token


cid CLIENT ID UUID

The reference of JWT consumer (generally application's id)


dbs DATABASE STRING

The environment of the resource


jti JWT ID UUID

The unique identifier of the token


jtt JWT TYPE STRING

The type of the JWT, in this case "access_token"


scp SCOPE ARRAY

The scope of the token (mainly used for magic link product)
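
Added example (not Cryptr's code): a Python sketch of the checks a resource server can run on the access token claims listed above, once a JWT library has verified the signature. It assumes exp and nbf are NumericDate seconds (RFC 7519); the function name, the leeway, the host names and the sample claims are constructed for illustration, and the expected jtt value is passed in by the caller.

```python
import time


def _is_time(value):
    # NumericDate: seconds since the epoch (bool is excluded on purpose)
    return isinstance(value, (int, float)) and not isinstance(value, bool)


def check_access_claims(claims, server, domain, audience, jtt,
                        now=None, leeway=30):
    """Return the names of the claims that fail; an empty list means pass.

    `claims` must come from a token whose signature was already verified."""
    now = time.time() if now is None else now
    failed = []
    # iss must equal the documented pattern exactly, never a prefix match
    if claims.get("iss") != f"https://{server}/t/{domain}":
        failed.append("iss")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        failed.append("aud")
    exp = claims.get("exp")
    if not _is_time(exp) or now >= exp + leeway:
        failed.append("exp")
    nbf = claims.get("nbf")
    if nbf is not None and (not _is_time(nbf) or now + leeway < nbf):
        failed.append("nbf")
    # Rejects another token type (an ID token, say) presented as access token
    if claims.get("jtt") != jtt:
        failed.append("jtt")
    if not claims.get("sub"):
        failed.append("sub")
    return failed


# Constructed sample claims (not taken from a real token)
SAMPLE = {
    "iss": "https://auth.example.test/t/shark-academy",
    "aud": "https://api.example.test",
    "sub": "00000000-0000-4000-8000-000000000001",
    "exp": 1_700_003_600, "nbf": 1_700_000_000, "iat": 1_700_000_000,
    "jtt": "access_token", "scp": ["openid"],
}
```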


Create new key values in your JWT

POST

curl --location -g --request POST 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/org/organization-domain/token-customization/user-metakey' \
--header 'Authorization: Bearer your_api_key_generated_token' \
--header 'Content-Type: application/json' \
--data-raw '{
"user_metakey": {
"name": "my user metakey",
"required": false,
"type": "string"
}
}'

PARAMETERS

domain ID REQUIRED

The domain of the organization


name STRING REQUIRED

The desired name for this new MetaKey, use something understandable for your use case


type STRING REQUIRED

Type of the MetaData that will be associated with the created MetaKey (e.g. string, integer, date).


required BOOLEAN OPTIONAL

If set to true, every user must have a MetaData related to this key.

RETURNS

The created MetaKey


List all User MetaKey

List all stored user MetaKey of the organization.

Query

curl -v -X GET 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/org/:domain/token-customization/user-metakey' \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Domain: ${YOUR_OWN_DOMAIN}" \
-d '{
"name": "department",
"type": "STRING",
"required": "true"
}'


PARAMETERS

domain ID REQUIRED

The domain of the organization

RETURNS

The list of all user MetaKey stored on Organization

Remove a MetaKey

Use the request below when a MetaKey is no longer useful.

DELETE

curl -X DELETE 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/org/:domain/token-customization/user-metakey' \
--header 'Authorization: Bearer your_api_key_generated_token' \
--header 'Content-Type: application/json' \
--data-raw '{
"key_name": "my user metakey"
}'


PARAMETERS

domain ID REQUIRED

The domain of the organization


key_name STRING REQUIRED

RETURNS

The deleted key-value metadata with a confirmation it is deleted.

Set User MetaData

After creating a MetaKey assignable to any user, you can assign a value for that MetaKey to a specific user. That value is a MetaData, and it will be present in the user's future JWTs.

⚠️ If a value is already set for the selected MetaKey for the User, the value will be updated with the new value.

Query

curl -X PATCH 'https://{{YOUR_CRYPTR_SERVICE_URL}}/api/v2/org/:domain/token-customization/set-user-metadata' \
--header 'Authorization: Bearer YOUR_API_TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"user_id": "1fec57ed-b014-47f7-8322-955c8aad58ed",
"key_name": "displayname",
"key_value": "awesome-astronaut"
}'


PARAMETERS

user_id ID REQUIRED

The user whose metadata key/value is updated


key_name STRING REQUIRED

The key of the value to set


key_value STRING REQUIRED

The value of the key

RETURNS

The updated user

Get a JWT Sample

Fetch the JwtSample for the selected Organization

Query

curl 'https://${YOUR_CRYPTR_SERVICE_URL}/api/v2/org/:domain/token-customization/sample' \
--header 'Authorization: Bearer your_api_key_generated_token'

PARAMETERS

domain ID REQUIRED

The domain of the organization

RETURNS

Returns the JwtSample with access and id sample tokens alongside their key claims "treeview"