[Openid-specs-ab] user claims in id_token

Preibisch, Sascha H Sascha.Preibisch at ca.com
Tue Aug 18 21:35:06 UTC 2015 

Thanks Mike!

And the second part of my question which I forgot:

  *   will these claims endup in the id_token only if a request object is used?

As far as I see it the response_type "id_token" would do the same but not other response_types like "token id_token"
Sascha

From: Mike Jones <Michael.Jones at microsoft.com<mailto:Michael.Jones at microsoft.com>>
Date: Tuesday, August 18, 2015 at 2:31 PM
To: Sascha Preibisch <sascha.preibisch at ca.com<mailto:sascha.preibisch at ca.com>>, "openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net> Ab" <openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net>>
Subject: RE: user claims in id_token

Yes, this is valid as the value of a "claims" request parameter.  Bear in mind that not all servers support this parameter, however, so your results will vary depending upon the server used.

                                                                -- Mike

From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Preibisch, Sascha H
Sent: Tuesday, August 18, 2015 2:28 PM
To: openid-specs-ab at lists.openid.net<mailto:openid-specs-ab at lists.openid.net> Ab
Subject: [Openid-specs-ab] user claims in id_token

Hi!

I almost feel bad to ask because I should find the answer in the spec. But I did not find it.

Is it valid to request "userinfo" related claims to be in the id_token?

Can I sent a request object like shown below? I would like to avoid the call to the /userinfo endpoint.

Thanks, Sascha

{

   "userinfo":

    {

     "given_name": {"essential": true},

     "nickname": null,

     "email": {"essential": true},

     "email_verified": {"essential": true},

     "picture": null,

     "http://example.info/claims/groups": null

    },

   "id_token":

    {

     "given_name": {"essential": true},

     "nickname": null,

     "email": {"essential": true}

    }

  }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150818/d22c1862/attachment.html>

More information about the Openid-specs-ab mailing list