[Openid-specs-ab] user claims in id_token

William Denniss wdenniss at google.com
Fri Aug 28 16:35:48 UTC 2015

On Thu, Aug 20, 2015 at 10:09 AM, Mike Schwartz <mike at gluu.org> wrote:

> Is it valid to request "userinfo" related claims to be in the id_token?
> One thing I've pointed out in the past is that a discovery request returns
> the claims supported, and the scopes supported, but not which claims are
> associated with which scopes.

The spec does suggest what claims should be implied by what scopes:

I interpreted that to mean if a claim is declared as supported in a
discovery doc, it should be returned when the relevant scope is requested
as per 5.4.

Though even if that's the case, there's no guarantee whether that claim
would be in the id token, or userinfo response, as has been pointed out.

> In the Gluu Server we naughtily added this one claim to discovery to help
> clients know which scope to request, because as Mike Jones pointed out,
> some OPs (like the Gluu Server) don't support individual requests for
> claims.
> Anyway... maybe if there's an OpenID Connect 2.0 at some point it's worth
> considering. In enterprise use cases where there are custom user claims and
> scopes it might be more useful.
> "scope_to_claims_mapping": [
>         {
>             "scope": "email",
>             "claims": ["mail"]
>         },
>         {
>             "scope": "address",
>             "claims": [
>                 "mail",
>                 "street",
>                 "l",
>                 "st",
>                 "postOfficeBox",
>                 "postalCode",
>                 "postalAddress"
>             ]
>         }
> ]
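Added example, not part of the original message and not Gluu or OpenID Foundation code: a relying party that picks the narrowest scopes for the claims it needs, using the non-standard `scope_to_claims_mapping` key quoted above when the OP publishes it and the OpenID Connect Core section 5.4 defaults otherwise, then collects the claims from whichever of the ID Token or UserInfo response carries them. The function names and the sample discovery document are constructed for illustration, and the ID Token claims are assumed to have been signature-validated already.

```python
CORE_5_4 = {  # default scope-to-claims mapping, OpenID Connect Core section 5.4
    "profile": ["name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"],
    "email": ["email", "email_verified"],
    "address": ["address"],
    "phone": ["phone_number", "phone_number_verified"],
}
ADDRESS_ATTRS = ["mail", "street", "l", "st", "postOfficeBox", "postalCode", "postalAddress"]
# Constructed discovery document using the non-standard key quoted in the thread.
GLUU_STYLE = {
    "scopes_supported": ["openid", "email", "address"],
    "claims_supported": ADDRESS_ATTRS,
    "scope_to_claims_mapping": [
        {"scope": "email", "claims": ["mail"]},
        {"scope": "address", "claims": ADDRESS_ATTRS},
    ],
}

def scope_map(discovery):
    """Scope -> claims, limited to what the OP advertises as supported."""
    published = discovery.get("scope_to_claims_mapping")
    raw = {e["scope"]: e["claims"] for e in published} if published else CORE_5_4
    scopes = set(discovery.get("scopes_supported", []))
    claims = set(discovery.get("claims_supported", []))
    return {s: set(c) & claims for s, c in raw.items() if s in scopes}

def scopes_for(discovery, wanted):
    """Greedy cover: most wanted claims first, ties go to the scope that
    releases the fewest claims overall. Returns (scopes, unreachable claims)."""
    m, remaining, chosen = scope_map(discovery), set(wanted), ["openid"]
    while remaining:
        best = max(sorted(m), key=lambda s: (len(m[s] & remaining), -len(m[s])),
                   default=None)
        if best is None or not m[best] & remaining:
            break  # no advertised scope yields the remaining claims
        chosen.append(best)
        remaining -= m[best]
    return chosen, sorted(remaining)

def collect_claims(id_token_claims, userinfo, wanted):
    """Merge both sources; ID Token values win. UserInfo is discarded when its
    sub does not match the ID Token's sub (Core section 5.3.2)."""
    if not userinfo or userinfo.get("sub") != id_token_claims.get("sub"):
        userinfo = {}
    merged = {**userinfo, **id_token_claims}
    return {c: merged[c] for c in wanted if c in merged}
```

A non-empty second element from `scopes_for` means no advertised scope is known to release that claim, which is the gap the thread describes when an OP publishes no mapping and uses custom claims.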