
Overview
- Who is the user? → returned under
user. - How was this identity verified? → described by
provenance. - Did the user’s claimed values match the source? → returned under
matchfor match-capable providers.
Verification models
The top-levelverification_model field tells you which payload shape to read:
verification_model is always present. Verifications created before this field existed default to "disclosure". provider_id mirrors the single element in amr and is also always present.
For match flows, user echoes back the verified subset of the values you submitted — per-field providers: only fields with matched: true; aggregate providers: every submitted field when the aggregate outcome is true, otherwise empty. A match provider may additionally expose disclosed (IDP-asserted) claims; those appear under user only when requested via requestedAttributes, and a requested-but-unavailable disclosed claim is listed in missing_claims.
For match-capable providers, matchData (the values the RP wants verified) must be supplied at session creation. The keys are OIDC-normalized names (see Normalized User Data) and appear back in match.submitted_fields and as match.details keys. See Create Verification (matchData body field) and OIDC Authorization (match_request JWT param).
What “Provenance” Means
Provenance explains the verification story — who vouched for the identity, how it was presented, and when it happened.- Presentation
- Channel: the route and transport (for example,
centralized_idpoverinternet,chip_basedvianfc,walletoverinternet). - Credentials[]: the documents or assertions that were presented (
typeis the provider identifier, alongside issuer details and raw upstream claims). - Evidence (when provided)
- Evidence is included when the credential provides it; the object relays the upstream
tokenpayload and a semicolon-delimitednameslist describing the keys. Key names are provider-specific—always read them fromnames. Content is relayed from the credential source.
- Evidence is included when the credential provides it; the object relays the upstream
- Channel: the route and transport (for example,
- Metadata
- Verification identifiers and timestamps for audit and support (
verification_id,verified_at).
- Verification identifiers and timestamps for audit and support (
UserInfo Payload Structure
Here is a conceptual map of the UserInfo payload. This tree view shows how the data is organized, with a brief explanation for each major component. For detailed field specifications, refer to the Schema Tables that follow this section.Match payload example
A complete/userinfo response from a match-capable provider:
For match providers,
provenance.presentation.credentials[].claims carries the upstream IDP response verbatim — typically per-field confirmation from the source authority. This is the audit trail for what the source agreed with — it is not a duplicate of match.details. Note the intentional naming asymmetry: matchData, match.submitted_fields, and match.details use OIDC-normalized keys (e.g. name, birthdate), while provenance claims keep the upstream IDP’s native keys (e.g. fullName, dateOfBirth) so the audit trail stays aligned with the source.details may include keys that are not in submitted_fields when the upstream provider emits additional verifier results (e.g., a liveness signal alongside the demographic match outcome).Related
Next Steps
OIDC Provider
How OIDC fits into User Verification
Verification Flow
Understand the end-to-end lifecycle

