[Openid-specs-ab] May 25, 2012 OpenID Connect Update Release
John Bradley
ve7jtb at ve7jtb.com
Tue Jun 5 16:53:21 UTC 2012
I don't know that anyone is deeply attached to having it as a scope. The idea was to not require a request object.
Scopes implicitly specify the RS endpoint. This is sort of modifying the endpoint for other scopes, and I understand that is a touch awkward.
Would something like having separate scopes like:
email_id
profile_id
phone_id
address_id
If you ask for email it comes back from user_info and if you ask for email_id it is in the id_token.
Or is there something else you are thinking such as adding an extra parameter? We are trying not to diverge from OAuth as much as possible. (Yes I know id_token is a big divergence)
If people don't like the claims_in_id_token scope then lets get alternate proposals on the table quickly.
John B.
On 2012-06-05, at 12:25 PM, Brian Campbell wrote:
> I'm trying to understand why a scope was used to indicate the desire for user info claims to be returned in the ID Token? It really seems like something that should be isolated to a flag on the request (a new parameter or something in the request object). It feels out of place as a scope and will require ASs to have special conditional treatment of that one scope value (which I'd like to avoid as I'd think most implementers would).
>
>
> On Sat, May 26, 2012 at 12:13 AM, Mike Jones <Michael.Jones at microsoft.com> wrote:
>
> Added scope value claims_in_id_token as a switch to indicate that the UserInfo claims should be returned in the ID Token, per issue #561
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120605/09064f96/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4937 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120605/09064f96/attachment.p7s>
More information about the Openid-specs-ab
mailing list