When a user logs in through Access using Single Sign-On (SSO), a set of standard fields is sent to the configured OAuth endpoint. This data allows your application to identify and manage the user.
Information passed when a user logs in:
Identity scope
Field | Description |
---|---|
sub | Unique identifier for the user |
name | Full name of the user |
given_name | First name |
family_name | Last name |
email | User’s email address |
groups | Groups the user is a member of (used for access control or role assignment) |
context.school_id | Internal school identifier |
context.tenant_id | Tenant ID assigned to your organization in Snapplify |
Example Payload
Below is the typical user data payload sent during an SSO session via the /userinfo endpoint:
{ "sub": "userId-xxxxx", "name": "Jane Doe", "given_name": "Jane", "family_name": "Doe", "email": "jane@example.com", "groups": ["school-group", "admin"], "context": { "school_id": "ABC123", "tenant_id": "TENANT-1234" }
Expanded scopes
Additional fields can be passed on the Expanded scopes for Professional and Enterprise customers
'teacher'
This scope is used to determine if a user is a teacher within the Snapplify platform. It also includes additional information about the school.
{ "teacher": true, "teacher_verified": true, "school": { "id": ABC123, "name": "School name", "url": "https://Schoolname.snapplify.com/", "createdDate": "2017-11-16T11:48:09.000Z", "updatedDate": "2023-05-17T07:19:20.000Z" } }
'learner'
This scope is used to identify if a user is a learner within the Snapplify environment. It also includes additional information about the school, grade and classes.
{ "school": { "id": ABC123, "name": "School name", "url": "https://schoolname.snapplify.com/", "createdDate": "2017-11-16T11:48:09.000Z", "updatedDate": "2023-05-17T07:19:20.000Z" }, "grade": { "id": 11, "name": "Grade 10", "createdDate": "2018-10-25T12:51:02.000Z", "updatedDate": "2022-10-08T20:05:57.000Z" }, "class": [ { "id": 11377, "name": "Example Class", "createdDate": "2022-03-29T09:47:34.000Z", "updatedDate": "2022-03-29T09:47:34.000Z", "grade": { "id": 11, "name": "Grade 10", "description": "Grade 10", "createdDate": "2018-10-25T12:51:02.000Z", "updatedDate": "2022-10-08T20:05:43.000Z" } } ] }
Developer Notes
- These fields are delivered as part of the /userinfo endpoint defined in OAuth 2.0 protocol.
- Ensure that your client configuration in Access includes the required scopes (email, profile).
- You can extend this by configuring custom claims in your Access tenant.
To learn more about Snapplify Access visit: Understanding the benefits of Snapplify Access
Need help? Use the live chat in the bottom right corner of your screen or email us on help@snapplify.com.