[Openid-specs-ab] What is the relationship between scope and user info claims ?

Roland Hedberg roland.hedberg at adm.umu.se
Mon Sep 19 07:43:16 UTC 2011


So when I use userinfo:claims I can specify that returning an attribute is optional.
What it is the default when using scope, is everything default or required ?

If it is 'optional' (which seems reasonable) then userinfo:claims could be used to raise the 'necessity' to return an attribute ?
If it is 'required' then can userinfo:claims be used to lower the 'necessity' ?

-- Roland

16 sep 2011 kl. 08:55 skrev John Bradley:

> AND should be applied.
> 
> The three scopes for the user-info endpoint are to be thought of as convience shorthand for specifying the same info as claims in the request object.
> 
> John
> On 2011-09-15, at 11:49 PM, Roland Hedberg wrote:
> 
>> Hi!
>> 
>> In an authorization request scope can be defined to be for instance profile which is interpreted as being equal to a claim for all person attributes except for email and address.
>> In an Openid Request object you can list specific attributes your interested in in the userinfo:claims part.
>> 
>> So what relationship are there between these ?
>> 
>> Does any of them take precedence or should an AND be applied or … ?
>> 
>> -- Roland
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
> 



More information about the Openid-specs-ab mailing list