BST + BRT Claims
Understanding token claims is central to a correct integration.
BST Claims
The session token usually carries:
- operation type
- expiration
- partner context
- optional encrypted user binding
BRT Claims
The result token carries the completed biometric result and is signed by the SophID backend.
Validation Rule
Never trust client receipt of a BRT alone. Treat the result as valid only
after backend verification.