[Openid-specs-ab] Add claim filter to user info request
Torsten Lodderstedt
torsten at lodderstedt.net
Thu May 2 06:17:48 UTC 2013
Hi all,
please take a look at
https://bitbucket.org/openid/connect/issue/832/standard-41-add-claim-filter-to-user-info
and give your feedback.
I think the way to control the claim set returned by the user info
endpoint needs some clarification/improvement.
regards,
Torsten.
----------------------------------------------------------
It seems the claim set returned by the user info response is controlled
by the scope/claim parameter of the openid authorization request. This
means a client must acquire a new access token in order to effectively
change the response of the user info endpoint. Seems a bit strange to
me.
Moreover, it also requires the client to specify all claims it wants to
query when obtaining the access token. For our internal applications,
this would mean sending up to 40 claim names in an authorization
although access is not authorized by the user but a system policy on a
per-client basis. This unnecessarily increases the request size (URL
length).
I think a parameter to list the claims a client wants to obtain would
be very useful and a reasonable extension to the current design.
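
A sketch of how a UserInfo endpoint could apply such a filter, added here as an illustration and not part of the original message or of the OpenID Connect specification. The `claims_filter` parameter name, the `CLIENT_POLICY` table and the sample user are assumptions; the filter can only narrow the claim set the access token already covers, never widen it.

```python
# Added illustration; names marked hypothetical are not from the post or the spec.
# Scope-to-claim mapping as defined for the standard OpenID Connect scopes.
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}

# Hypothetical per-client system policy (constructed sample data).
CLIENT_POLICY = {"internal-hr-app": {"name", "email", "phone_number", "birthdate"}}

# Constructed sample user record.
USER = {"sub": "248289761001", "name": "Jane Doe", "email": "jane@example.com",
        "email_verified": True, "phone_number": "+1 555 0100",
        "birthdate": "1980-01-01"}


def authorized_claims(client_id, scopes, claims_at_authz=()):
    """Claims the access token covers: scopes, claims parameter, client policy."""
    allowed = set(claims_at_authz)
    for scope in scopes:
        allowed |= SCOPE_CLAIMS.get(scope, set())
    allowed |= CLIENT_POLICY.get(client_id, set())
    return allowed


def userinfo_response(user, client_id, scopes, claims_at_authz=(), claims_filter=None):
    """Build the UserInfo body; claims_filter (hypothetical) only narrows it."""
    allowed = authorized_claims(client_id, scopes, claims_at_authz)
    if claims_filter is not None:
        # Intersect, never union: names outside the grant are dropped.
        allowed &= set(claims_filter)
    body = {name: value for name, value in user.items() if name in allowed}
    body["sub"] = user["sub"]  # sub is required in every UserInfo response
    return body


if __name__ == "__main__":
    # Policy-authorized client asks for one claim without a new access token.
    print(userinfo_response(USER, "internal-hr-app", ["openid"],
                            claims_filter=["phone_number"]))
```
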