Overview

Enterprise teams often need more than “who the user is.” They also need to answer: “How was this identity verified, and how much can I trust it?” Hopae Connect returns a structured payload containing normalized user attributes alongside a dedicated hopae_provenance object. This object tells the complete story of the verification: who vouched for the identity, how it was presented, and what checks passed.

Example Responses

// The ID Token focuses on the user and the trust level. It's lightweight and ideal for session management.
{
  "iss": "https://sandbox.connect.hopae.com",
  "aud": "YOUR_CLIENT_ID",
  "sub": "wPqH84Q4pDiE4qWWIfGeMQcoctqYfNVf",
  "acr": "urn:hopae:loa4",
  "amr": ["pin"],
  "hopae_loa": 4,
  "name": "Jane Q. Citizen",
  "given_name": "Jane Quincy",
  "family_name": "Citizen"
  "birthdate": "1992-02-02",
  "missingAttributes": ["phone_number", "address"]
}

UserInfo Payload Structure

Here is a conceptual map of the UserInfo payload. This tree view shows how the data is organized, with a brief explanation for each major component. For detailed field specifications, refer to the Schema Tables that follow this section. 
{
  // --- Standard Claims ---
  "sub": "...",                // Who is the user? (The unique ID)
  "name": "...",               // What are their attributes? (Normalized user data)
  "birthdate": "...",          //
  
  // --- Assuarance Data
  "acr": "...",                // How much can I trust this? (The assurance level)
  "hopae_loa": "...",         

  // --- The Verification Story ---
  "hopae_provenance": {
    "presentation": {          // The story of *how* the identity was presented.
      
      // The technology channel used for the interaction.
      "channel": {             
        "type": "...",
        "transport": "..."
      },
      
      // A list of documents presented and verified.
      "credentials": [         
        {
          "type": "...",       // What kind of document is this?
          "issuer": { ... },   // Who vouches for this document?
          "evidence": [ ... ], // What is the proof of its authenticity?
          "claims": { ... }    // Origial raw issuer data field
        }
      ]
    },
    
    // Operational data for the verification event.
    "_metadata": {             
      "verification_id": "...",
      "verified_at": "..."
    }
  }
}

Schema Tables

The following tabs provide a detailed field-by-field reference for the structures outlined above.
These are standard OpenID Connect claims representing the user’s identity.
FieldTypeRequiredNotes/Example
substringYesPairwise user id
namestringNoDisplay name
given_namestringNo
family_namestringNo
middle_namestringNo
nicknamestringNo
preferred_usernamestringNo
profilestringNoURL
picturestringNoURL
websitestringNoURL
genderstringNofemale, male, other
birthdatestringNoYYYY-MM-DD
zoneinfostringNoIANA time zone
localestringNoBCP 47 (en-US)
emailstringNouser@example.com
email_verifiedbooleanNotrue/false
phone_numberstringNoE.164 (+1415555…)
phone_number_verifiedbooleanNotrue/false
addressobjectNoSee Address structure below
updated_atnumberNoUnix timestamp
nationalitystringNoISO 3166-1 alpha-2

Address Claim Structure

FieldTypeNotes/Format
formattedstringMulti-line, display-ready
street_addressstringStreet/house/PO Box
localitystringCity
regionstringState/Province/Region
postal_codestringZIP/Postal code
countrystringISO 3166-1 alpha-2

Other Verification Examples

The data model is flexible enough to represent various verification methods. Note that some examples may include the optional claims field to show the raw, source-specific data returned by the issuer before normalization.

Next Steps

OIDC Provider

How OIDC fits into User Verification

Verification Flow

Understand the end-to-end lifecycle