The JSON-based OpenID (ID) access tokens contain one or more claims. A claim is any piece of information that serves as an unique identifier, and that the token issuer who generated the token has verified.

API Gateway extracts the claims from the ID token, and identifies the application that is using the token to access a protected resource. An application that is defined with the claims conveyed by the ID token is identified and allowed access to the protected resource.

For details on how to define OpenID claims in an application, see Creating an Application.