When a user signs in using Snapplify's Single Sign-On (SSO), certain pieces of basic user information are automatically shared with the connected platform. This article explains what information is passed through during authentication and how it can be used to manage users or integrate with other systems.


Information passed when a user logs in:

When a user authenticates via Snapplify SSO, the following user data is returned as a JSON payload:

{
   "sub": "userId-xxxxx",
   "name": "Jane Doe",
   "given_name": "Jane",
   "family_name": "Doe",
   "email": "jane@example.com",
   "groups": ["school-group", "admin"],
   "context": {
     "school_id": "ABC123",
     "tenant_id": "TENANT-1234"
}

Field Descriptions


FieldDescription
subUnique identifier for the user
nameFull name of the user
given_nameFirst name
family_nameLast name
emailUser’s email address
groupsGroups the user is a member of (used for access control or role assignment)
context.school_idInternal school identifier
context.tenant_idTenant ID assigned to your organization in Snapplify


Expanded scopes

Additional fields can be passed on the Expanded scopes for Professional and Enterprise customers


'teacher'

This scope is used to determine if a user is a teacher within the Snapplify platform. It also includes additional information about the school.


{
  "teacher": true,
  "teacher_verified": true,
  "school": {
      "id": ABC123,
      "name": "School name",
      "url": "https://Schoolname.snapplify.com/",
      "createdDate": "2017-11-16T11:48:09.000Z",
      "updatedDate": "2023-05-17T07:19:20.000Z"
  }
}


'learner'

This scope is used to identify if a user is a learner within the Snapplify environment. It also includes additional information about the school, grade and classes.

{
  "school": {
      "id": ABC123,
      "name": "School name",
      "url": "https://schoolname.snapplify.com/",
      "createdDate": "2017-11-16T11:48:09.000Z",
      "updatedDate": "2023-05-17T07:19:20.000Z"
  },
  "grade": {
      "id": 11,
      "name": "Grade 10",
      "createdDate": "2018-10-25T12:51:02.000Z",
      "updatedDate": "2022-10-08T20:05:57.000Z"
  },
  "class": [
      {
          "id": 11377,
          "name": "Example Class",
          "createdDate": "2022-03-29T09:47:34.000Z",
          "updatedDate": "2022-03-29T09:47:34.000Z",
          "grade": {
              "id": 11,
              "name": "Grade 10",
              "description": "Grade 10",
              "createdDate": "2018-10-25T12:51:02.000Z",
              "updatedDate": "2022-10-08T20:05:43.000Z"
          }
      }
  ]
}

Developer Notes

  • These fields are delivered as part of the /userinfo endpoint defined in OAuth 2.0 protocol.
  • Ensure that your client configuration in Access includes the required scopes (email, profile).
  • You can extend this by configuring custom claims in your Access tenant.


To learn more about Snapplify Access visit: Understanding the benefits of Snapplify Access


Need help? Use the live chat in the bottom right corner of your screen or email us on help@snapplify.com.