OpenID Connect JSON Web Token

OttoLearn supports single sign-on (SSO) for our desktop and mobile apps through OpenID Connect.

If you're interested in using this feature, contact our support team.

ID Token
Full specification:

The ID Token is a security token formatted as a JWT (JSON Web Token) that is used to assert claims about a user to OttoLearn.

Required Fields
Authentication Claims:
iss - Issuer is a URL using the https:// scheme (e.g.
sub - Subject is a locally unique identifier for the user that is never reassigned (e.g. User Id or UUID)
aud - Audience is the name of the client that the ID token is for (e.g. otto-learner-web-client or otto-admin-web-client)
exp - Expiration time on or after which the ID Token MUST NOT be accepted. Number of seconds since the Unix epoch
iat - The time at which the ID Token was issued. Number of seconds since the Unix epoch

User Profile Claims:
preferred_username - The username of the user
email - The email address of the user
email_verified - Whether the email address is verified

    {
        "iss": "",
        "sub": "2134913",
        "aud": "otto-learner-web-client",
        "exp": 1519655938,
        "iat": 1519655960,

        "preferred_username": "john.smith",
        "email": "[email protected]",
        "email_verified": true
    }

ID Token Signing and Encryption
The ID Token MUST be signed, and MAY optionally be both signed and encrypted, using any supported JWA format.

The above ID Token example signed as a JWT with the HS256 algorithm using the preshared key 'secret'
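
The checks a receiver would run on an HS256-signed ID Token carrying the required claims above, shown as an added example that is not OttoLearn's code. The issuer URL, timestamps and function names are constructed for illustration; only the key 'secret', the sub value and the audience name come from this page.

```python
import base64, hashlib, hmac, json, time

REQUIRED = ("iss", "sub", "aud", "exp", "iat")
# Constructed sample values; ISSUER is a placeholder, KEY is the page's demo key
# (a real preshared key must be long and random).
ISSUER, KEY = "https://idp.example.com", b"secret"
SAMPLE = {"iss": ISSUER, "sub": "2134913", "aud": "otto-learner-web-client",
          "exp": 1_700_000_300, "iat": 1_700_000_000}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a compact JWS: header.payload.mac, each part base64url-encoded."""
    parts = ({"alg": "HS256", "typ": "JWT"}, claims)
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)

def verify_id_token(token, key, issuer, audience, now=None):
    """Return the claims of a valid token; raise ValueError otherwise."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as err:
        raise ValueError("malformed token") from err
    # Pin the algorithm: the token header must not choose it (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))  # read only after the MAC checks out
    missing = [name for name in REQUIRED if name not in claims]
    if missing:
        raise ValueError("missing claims: " + ", ".join(missing))
    # Assumes aud is a single string, as in the page's example.
    if claims["iss"] != issuer or claims["aud"] != audience:
        raise ValueError("wrong issuer or audience")
    if (time.time() if now is None else now) >= claims["exp"]:  # "on or after"
        raise ValueError("expired")
    return claims

if __name__ == "__main__":
    print(verify_id_token(sign_hs256(SAMPLE, KEY), KEY, ISSUER, SAMPLE["aud"], now=1_700_000_100))
```
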


Passing ID Token to client (Implicit Flow)