[Openid-specs-ab] What is the relationship between scope and user info claims ?

John Bradley ve7jtb at ve7jtb.com
Mon Sep 19 15:37:34 UTC 2011


The claims specified by the scope are all optional.

If you want a particular claim to be required you use the claim request to override the scope.

The elements of the request object always override unsigned elements.

John
On 2011-09-16, at 9:21 AM, Roland Hedberg wrote:

> So when I use userinfo:claims I can specify that returning an attribute is optional.
> What it is the default when using scope, is everything default or required ?
> 
> If it is 'optional' (which seems reasonable) then userinfo:claims could be used to raise the 'necessity' to return an attribute ?
> If it is 'required' then can userinfo:claims be used to lower the 'necessity' ?
> 
> -- Roland
> 
> 16 sep 2011 kl. 08:55 skrev John Bradley:
> 
>> AND should be applied.
>> 
>> The three scopes for the user-info endpoint are to be thought of as convience shorthand for specifying the same info as claims in the request object.
>> 
>> John
>> On 2011-09-15, at 11:49 PM, Roland Hedberg wrote:
>> 
>>> Hi!
>>> 
>>> In an authorization request scope can be defined to be for instance profile which is interpreted as being equal to a claim for all person attributes except for email and address.
>>> In an Openid Request object you can list specific attributes your interested in in the userinfo:claims part.
>>> 
>>> So what relationship are there between these ?
>>> 
>>> Does any of them take precedence or should an AND be applied or … ?
>>> 
>>> -- Roland
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4767 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110919/06f22515/attachment.p7s>


More information about the Openid-specs-ab mailing list