[Openid-specs-ab] user claims in id_token
Mike Schwartz
mike at gluu.org
Thu Aug 20 17:09:44 UTC 2015
>>> Is it valid to request "userinfo" related claims to be in the
>>> id_token?
One thing I've pointed out in the past is that a discovery request
returns the claims supported, and the scopes supported, but not which
claims are associated with which scopes.

In the Gluu Server we naughtily added this one claim to discovery to
help clients know which scope to request, because as Mike Jones pointed
out, some OPs (like the Gluu Server) don't support individual requests
for claims.

Anyway... maybe if there's an OpenID Connect 2.0 at some point it's worth
considering. In enterprise use cases where there are custom user claims
and scopes it might be more useful.
"scope_to_claims_mapping": [
    {
        "scope": "email",
        "claims": ["mail"]
    },
    {
        "scope": "address",
        "claims": [
            "mail",
            "street",
            "l",
            "st",
            "postOfficeBox",
            "postalCode",
            "postalAddress"
        ]
    }
]
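
An added example, not part of the original message and not Gluu's code: a sketch of how a relying party could use a mapping like the one above to request only the scopes that cover the claims it needs, releasing as few extra claims as possible. The discovery document is constructed from the fragment in the message, and `scope_index` and `minimal_scopes` are hypothetical helper names.

```python
import json
from itertools import combinations

# Constructed discovery fragment using the mapping layout shown in the message.
DISCOVERY = json.loads("""
{
  "scopes_supported": ["openid", "email", "address"],
  "scope_to_claims_mapping": [
    {"scope": "email", "claims": ["mail"]},
    {"scope": "address", "claims": ["mail", "street", "l", "st",
                                    "postOfficeBox", "postalCode", "postalAddress"]}
  ]
}
""")

def scope_index(discovery):
    """Return {scope: set(claims)}; empty when the OP does not publish the mapping."""
    index = {}
    for entry in discovery.get("scope_to_claims_mapping", []):
        index.setdefault(entry["scope"], set()).update(entry.get("claims", []))
    return index

def minimal_scopes(discovery, wanted):
    """Pick scopes covering `wanted` while releasing the fewest unneeded claims.

    Returns (scopes, extra_claims, uncovered_claims); "openid" is always included.
    """
    index = scope_index(discovery)
    wanted = set(wanted)
    available = set().union(*index.values())
    uncovered = wanted - available      # no published scope releases these
    target = wanted & available
    names = sorted(index)
    best = None
    # Exhaustive search is fine here: an OP publishes only a handful of scopes.
    for size in range(len(names) + 1):
        for combo in combinations(names, size):
            released = set().union(*(index[s] for s in combo))
            if target <= released:
                extra = released - wanted
                key = (len(extra), size)  # fewest extra claims, then fewest scopes
                if best is None or key < best[0]:
                    best = (key, combo, extra)
    _, combo, extra = best
    return ["openid", *combo], sorted(extra), sorted(uncovered)
```

A non-empty `extra_claims` result tells the client which attributes it will receive without having asked for them, which is the over-disclosure the mapping makes visible before the authorization request is sent.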