[Openid-specs-ab] Resolving ID Token + UserInfo claim requests
Vladimir Dzhuvinov / NimbusDS
vladimir at nimbusds.com
Thu Oct 11 08:25:39 UTC 2012
I started a major refactoring of the OpenID Connect SDK for Java and I'm
currently reviewing the code that takes the incoming
AuthorizationRequest and resolves it to precise ID Token and UserInfo
claim requests for IdP backends to process.
All of you know that when a request object is present this resolving of
the final requested claims can become quite messy. I'm now trying to
come up with a software implementation that manages this process of
resolving the claim requests in the most simple and elegant way.
For that, I want to ask: can we say that the following claims
categorisation is correct?
On the top level we have REQUIRED and OPTIONAL claims:
* REQUIRED claims that the AS must include in all cases: For the IDToken
  these are the claims marked as required in Messages 2.1.1.; for UserInfo
  the "user_id" claim as per Messages 2.3.2.
* OPTIONAL claims which the AS may or may not provide; of these,
  depending on the client request, we have as per Messages 220.127.116.11.3:
    * ESSENTIAL: claims marked as crucial for the client operation.
    * VOLUNTARY: claims marked as nice-to-have for the client operation.
Vladimir Dzhuvinov : www.NimbusDS.com : vladimir at nimbusds.com