> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-actions-triggers-prototype.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Describes how ID tokens conform to the JWT standard and contain JWT claims asserted about the token itself, standard OIDC claims about the authenticated user, and custom claims that you define, control, and add to a token using a rule.

# ID Token Structure

<Tooltip tip="ID Token: Credential meant for the client itself, rather than for accessing a resource." cta="View Glossary" href="/docs/glossary?term=ID+tokens">ID tokens</Tooltip> follow the [JSON Web Token (JWT)](/docs/secure/tokens/json-web-tokens) standard, which means that their basic structure conforms to the typical [JWT Structure](/docs/secure/tokens/json-web-tokens/json-web-token-structure), and they contain standard [JWT Claims](/docs/secure/tokens/json-web-tokens/json-web-token-claims) asserted about the token itself.

Beyond what is required for <Tooltip tip="ID Token: Credential meant for the client itself, rather than for accessing a resource." cta="View Glossary" href="/docs/glossary?term=JWT">JWT</Tooltip>, ID tokens also contain claims asserted about the authenticated user, which are pre-defined by the <Tooltip tip="OpenID: Open standard for authentication that allows applications to verify users' identities without collecting and storing login information." cta="View Glossary" href="/docs/glossary?term=OpenID">OpenID</Tooltip> Connect (OIDC) protocol, and are thus known as standard OIDC claims. Some standard OIDC claims include:

* `name`
* `nickname`
* `picture`
* `email`
* `email_verified`

For a full list of standard OIDC claims, see [OIDC specification: Standard Claims](https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims). You can also create [custom claims](/docs/secure/tokens/json-web-tokens/json-web-token-claims), which are claims that you define, control, and add to a token using Auth0 Actions.

You control which OIDC claims are included in the ID token consumed by your application by including specific [OpenID Connect Scopes](/docs/get-started/apis/scopes/openid-connect-scopes) in a parameter when you request tokens while authenticating users. To learn how to request an ID token, see [Get ID Tokens](/docs/secure/tokens/id-tokens/get-id-tokens).

## Sample ID Token

This example shows the contents of an ID token. Notice that the <Tooltip tip="Audience: Unique identifier of the audience for an issued token. Named aud in a token, its value contains the ID of either an application (Client ID) for an ID Token or an API (API Identifier) for an Access Token." cta="View Glossary" href="/docs/glossary?term=audience">audience</Tooltip> value (located in the `aud` claim) is set to the application's identifier, which means that only this specific application should consume the token. To learn more about the claims in this example, read [JSON Web Token Claims](/docs/secure/tokens/json-web-tokens/json-web-token-claims).

```json lines theme={null}
{
  "iss": "http://my-domain.auth0.com",
  "sub": "auth0|123456",
  "aud": "my_client_id",
  "exp": 1311281970,
  "iat": 1311280970,
  "name": "Jane Doe",
  "given_name": "Jane",
  "family_name": "Doe",
  "gender": "female",
  "birthdate": "0000-10-31",
  "email": "janedoe@example.com",
  "picture": "http://example.com/janedoe/me.jpg"
}
```

## Learn more

* [Get ID Tokens](/docs/secure/tokens/id-tokens/get-id-tokens)
* [Validate ID Tokens](/docs/secure/tokens/id-tokens/validate-id-tokens)
* [Update ID Token Lifetime](/docs/secure/tokens/id-tokens/update-id-token-lifetime)