When a user logs in through Access using Single Sign-On (SSO), a set of standard fields is sent to the configured OAuth endpoint. This data allows your application to identify and manage the user.


Information passed when a user logs in:

Identity scope


FieldDescription
subUnique identifier for the user
nameFull name of the user
given_nameFirst name
family_nameLast name
emailUser’s email address
groupsGroups the user is a member of (used for access control or role assignment)
context.school_idInternal school identifier
context.tenant_idTenant ID assigned to your organization in Snapplify


Example Payload

Below is the typical user data payload sent during an SSO session via the /userinfo endpoint:

{
   "sub": "userId-xxxxx",
   "name": "Jane Doe",
   "given_name": "Jane",
   "family_name": "Doe",
   "email": "jane@example.com",
   "groups": ["school-group", "admin"],
   "context": {
     "school_id": "ABC123",
     "tenant_id": "TENANT-1234"
}


Expanded scopes

Additional fields can be passed on the Expanded scopes for Professional and Enterprise customers


'teacher'

This scope is used to determine if a user is a teacher within the Snapplify platform. It also includes additional information about the school.


{
  "teacher": true,
  "teacher_verified": true,
  "school": {
      "id": ABC123,
      "name": "School name",
      "url": "https://Schoolname.snapplify.com/",
      "createdDate": "2017-11-16T11:48:09.000Z",
      "updatedDate": "2023-05-17T07:19:20.000Z"
  }
}


'learner'

This scope is used to identify if a user is a learner within the Snapplify environment. It also includes additional information about the school, grade and classes.

{
  "school": {
      "id": ABC123,
      "name": "School name",
      "url": "https://schoolname.snapplify.com/",
      "createdDate": "2017-11-16T11:48:09.000Z",
      "updatedDate": "2023-05-17T07:19:20.000Z"
  },
  "grade": {
      "id": 11,
      "name": "Grade 10",
      "createdDate": "2018-10-25T12:51:02.000Z",
      "updatedDate": "2022-10-08T20:05:57.000Z"
  },
  "class": [
      {
          "id": 11377,
          "name": "Example Class",
          "createdDate": "2022-03-29T09:47:34.000Z",
          "updatedDate": "2022-03-29T09:47:34.000Z",
          "grade": {
              "id": 11,
              "name": "Grade 10",
              "description": "Grade 10",
              "createdDate": "2018-10-25T12:51:02.000Z",
              "updatedDate": "2022-10-08T20:05:43.000Z"
          }
      }
  ]
}

Developer Notes

  • These fields are delivered as part of the /userinfo endpoint defined in OAuth 2.0 protocol.
  • Ensure that your client configuration in Access includes the required scopes (email, profile).
  • You can extend this by configuring custom claims in your Access tenant.


To learn more about Snapplify Access visit: Understanding the benefits of Snapplify Access


Need help? Use the live chat in the bottom right corner of your screen or email us on help@snapplify.com.