[Openid-specs-ab] Resolving ID Token + UserInfo claim requests

Vladimir Dzhuvinov / NimbusDS vladimir at nimbusds.com
Thu Oct 11 08:25:39 UTC 2012

Hi guys,

I started a major refactoring of the OpenID Connect SDK for Java and I'm
currently reviewing the code that takes the incoming
AuthorizationRequest and resolves it to precise ID Token and UserInfo
claim requests for IdP backends to process. 

All of you know that when a request object is present this resolving of
the final requested claims can become quite messy. I'm now trying to
come up with a software implementation that manages this process of
resolving the claim requests in the most simple and elegant way.

For that. I want to ask, can we say that the following claims
categorisation is correct:

On the top level we have REQUIRED and OPTIONAL claims:

* REQUIRED claims that the AS must include in all cases: For the IDToken
these are the claims marked as required in Messages 2.1.1.; for UserInfo
the "user_id" claim as per Messages 2.3.2.

* OPTIONAL claims which the AS may or may not provide; of these
depending on the client request we have as per Messages

    * ESSENTIAL: claims marked as crucial for the client operation.

    * VOLUNTARY: claims marked as nice-to-have for the client operation.



Vladimir Dzhuvinov : www.NimbusDS.com : vladimir at nimbusds.com

More information about the Openid-specs-ab mailing list