[Openid-specs-ab] What is the relationship between scope and user info claims ?
ve7jtb at ve7jtb.com
Mon Sep 19 15:37:34 UTC 2011
The claims specified by the scope are all optional.
If you want a particular claim to be required you use the claim request to override the scope.
The elements of the request object always override unsigned elements.
On 2011-09-16, at 9:21 AM, Roland Hedberg wrote:
> So when I use userinfo:claims I can specify that returning an attribute is optional.
> What it is the default when using scope, is everything default or required ?
> If it is 'optional' (which seems reasonable) then userinfo:claims could be used to raise the 'necessity' to return an attribute ?
> If it is 'required' then can userinfo:claims be used to lower the 'necessity' ?
> -- Roland
> 16 sep 2011 kl. 08:55 skrev John Bradley:
>> AND should be applied.
>> The three scopes for the user-info endpoint are to be thought of as convience shorthand for specifying the same info as claims in the request object.
>> On 2011-09-15, at 11:49 PM, Roland Hedberg wrote:
>>> In an authorization request scope can be defined to be for instance profile which is interpreted as being equal to a claim for all person attributes except for email and address.
>>> In an Openid Request object you can list specific attributes your interested in in the userinfo:claims part.
>>> So what relationship are there between these ?
>>> Does any of them take precedence or should an AND be applied or … ?
>>> -- Roland
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4767 bytes
Desc: not available
More information about the Openid-specs-ab