Interface: UserIdentity
server.UserIdentity
Information about an authenticated user, derived from a JWT.
The only fields guaranteed to be present are tokenIdentifier and issuer. All remaining fields may or may not be present depending on the information given by the identity provider.
The explicitly listed fields are derived from the OpenID Connect (OIDC) standard fields, see the OIDC specification for more information on these fields.
Any additional fields are custom claims that may be present in the JWT,
and their type depends on your identity provider configuration. If you
know the type of the field, you can assert it in TypeScript like this
(for example as a string):
const identity = await ctx.auth.getUserIdentity();
if (identity === null) {
return null;
}
const customClaim = identity.custom_claim as string;
Indexable
▪ [key: string]: JSONValue | undefined
Properties
tokenIdentifier
• Readonly tokenIdentifier: string
A stable and globally unique string for this identity (i.e. no other user, even from a different identity provider, will have the same string.)
JWT claims: sub + iss
Defined in
subject
• Readonly subject: string
Identifier for the end-user from the identity provider, not necessarily unique across different providers.
JWT claim: sub
Defined in
issuer
• Readonly issuer: string
The hostname of the identity provider used to authenticate this user.
JWT claim: iss
Defined in
name
• Optional Readonly name: string
JWT claim: name
Defined in
givenName
• Optional Readonly givenName: string
JWT claim: given_name
Defined in
familyName
• Optional Readonly familyName: string
JWT claim: family_name
Defined in
nickname
• Optional Readonly nickname: string
JWT claim: nickname
Defined in
preferredUsername
• Optional Readonly preferredUsername: string
JWT claim: preferred_username
Defined in
profileUrl
• Optional Readonly profileUrl: string
JWT claim: profile
Defined in
pictureUrl
• Optional Readonly pictureUrl: string
JWT claim: picture
Defined in
email
• Optional Readonly email: string
JWT claim: email
Defined in
emailVerified
• Optional Readonly emailVerified: boolean
JWT claim: email_verified
Defined in
gender
• Optional Readonly gender: string
JWT claim: gender
Defined in
birthday
• Optional Readonly birthday: string
JWT claim: birthdate
Defined in
timezone
• Optional Readonly timezone: string
JWT claim: zoneinfo
Defined in
language
• Optional Readonly language: string
JWT claim: locale
Defined in
phoneNumber
• Optional Readonly phoneNumber: string
JWT claim: phone_number
Defined in
phoneNumberVerified
• Optional Readonly phoneNumberVerified: boolean
JWT claim: phone_number_verified
Defined in
address
• Optional Readonly address: string
JWT claim: address
Defined in
updatedAt
• Optional Readonly updatedAt: string
JWT claim: updated_at