:
Last modified: Sep 8, 2021

JWT Format

Description of the JWT Format used in Altinn Studio, Altinn Platform and Altinn Apps.

JSON Web Token are an open, industry standard RFC 7519 method for representing claims securely between two parties and are choosen as the bearer of information about users and systems.

The format that is choosen for JWT tokens is RSA256. This is a asymetric algorithm where the Authentication component in Altinn Platform generates tokens based on a private key in a certificate, and everyone can validate the token with the public key.

Altinn Platform and Altinn Apps support JWT tokens as bearer tokens in Authorization header and as JWT Tokens inside cookie.

The cookie will be used when users access application with a frontend in Altinn Apps (typical React application). The bearer token will be used when the user access throug mobile apps or external systems.

The below screenshot shows how a JWT Token can be verified at jwt.io

“JWT IO”
JWT IO

Claims in token

ClaimDescription
UserIdThe internal Altinn userId for the authenticated user.
ssnThe social security number.
PartyId
AuthenticationLevelThe authentication level used when user logged in.
AuthenticationMethodThe authentication method used when user logged in.
end user system IdThe internal ID for end user system.
SystemOwnerPartyIdThe internal PartyID for system owner.