We’ve developed some resources to help you work effectively from home during COVID-19 Click to learn more

SuperOffice OpenID Connect claims

In this article

    SuperOffice offers a set of claims.

    Standard claims

    OpenID Connect standard claims
    Claim name Federated ID OpenID Connect Description
    aud X X

    The service principal name (SPN) claim identifier followed by the tenant database serial number.
    exp X X

    Expiration time on or after which the ID token must not be accepted for processing.
    c_hash   X

    Code hash value.
    iat   X

    Time at which the JWT was issued.

    Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
    iss X X

    An identifier for the issuer of the response. Options:

    • SuperOffice AS (federated ID)
    • https://sod.superoffice.com (OpenID Connect)
    nbf X X

    The time before which the JWT must not be accepted for processing.
    nonce   X

    A string used to associate a client session with an ID token and to mitigate replay attacks.
    sub X X

    Subject Identifier.

    Always the same as the claim: http://schemes.superoffice.net/identity/upn

    SuperOffice specific claims

    The claims in the following table are all prefixed with http://schemes.superoffice.net/identity/

    SuperOffice specific OICD claims
    Claim name Federated ID OpenID Connect Description
    associateid X X

    The current user's associate ID.
    company_name X  

    The current user's company name.
    ctx X X

    The tenant identifier.
    email X X

    The current user's email address.
    firstname X X

    The current user's first name.
    identityprovider X X

    The identity provider responsible for authentication. Options:

    • SuperOffice AS (federated ID)
    • https://sod.superoffice.com (OpenID Connect)
    initials X X

    The current user's full name initials.

    (added June 2019)
    is_administrator X X

    Determine whether the current user is an administrator.
    lastname X X

    The current user's last name.
    netserver_url X X

    The URL to a tenant SOAP web service.

    Often used in conjunction with SuperOffice .NET NuGet proxies.

    New applications should always use the latest.
    remember_me_expires X X

    Unused.
    serial X X

    The tenant database serial number.
    so_primary_email_address X X

    The current user's primary email address.

    (added June 2019)
    system_token X X

    A unique identifier used to exchange for a system ticket.

    Used for background processing, back-channel communications.
    ticket X  

    A current user's unique identifier, used for authentication.
    upn X X

    Specifies a user principal name (UPN).
    webapi_url X X

    The URL to a tenant REST web services.