REQUIRED. Audience(s) that this ID Token is intended for. It MUST contain the OAuth 2.0 client_id of the Relying Party as an audience value. It MAY also contain identifiers for other audiences. In the general case, the aud value is an array of case-sensitive strings. In the common special case when there is one audience, the aud value MAY be a single case-sensitive string.
OptionalencounterOptionalexpJWT Expiration Time
OptionalfhirOptionalfhirThe ID of the resource the token is associated with.
Token can be associated with an Operation, Client or Membership this claim distinguishes between the three.
The users role for the tenant.
The tenant the token is associated with.
OptionaliatJWT Issued At
REQUIRED. Issuer Identifier for the Issuer of the response. The iss value is a case-sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components.
OptionaljtiJWT ID
OptionalnbfJWT Not Before
Optionalpatientscope Required. OAuth 2.0 scopes. Space-separated string.
sub REQUIRED. Subject Identifier. A locally unique and never reassigned identifier within the Issuer for the End-User, which is intended to be consumed by the Client, e.g., 24400320 or AItOawmwtWwcT0k51BayewNvutrJUqsvl6qs7A4. It MUST NOT exceed 255 ASCII [RFC20] characters in length. The sub value is a case-sensitive string.
Any other JWT Claim Set member.