[Openid-specs-ab] user claims in id_token

Torsten Lodderstedt torsten at lodderstedt.net
Fri Aug 28 09:57:20 UTC 2015


Hi Sascha,

you don't need to use the request object, the plain request parameter 
does the job as well. And it should work across response types.

best regards,
Torsten.

Am 18.08.2015 um 23:35 schrieb Preibisch, Sascha H:
> Thanks Mike!
>
> And the second part of my question which I forgot:
>
>   * will these claims endup in the id_token only if a request object
>     is used?
>
> As far as I see it the response_type “id_token” would do the same but 
> not other response_types like “token id_token”
> Sascha
>
> From: Mike Jones <Michael.Jones at microsoft.com 
> <mailto:Michael.Jones at microsoft.com>>
> Date: Tuesday, August 18, 2015 at 2:31 PM
> To: Sascha Preibisch <sascha.preibisch at ca.com 
> <mailto:sascha.preibisch at ca.com>>, "openid-specs-ab at lists.openid.net 
> <mailto:openid-specs-ab at lists.openid.net> Ab" 
> <openid-specs-ab at lists.openid.net 
> <mailto:openid-specs-ab at lists.openid.net>>
> Subject: RE: user claims in id_token
>
> Yes, this is valid as the value of a “claims” request parameter.  Bear 
> in mind that not all servers support this parameter, however, so your 
> results will vary depending upon the server used.
>
> -- Mike
>
> *From:*Openid-specs-ab 
> [mailto:openid-specs-ab-bounces at lists.openid.net] *On Behalf Of 
> *Preibisch, Sascha H
> *Sent:* Tuesday, August 18, 2015 2:28 PM
> *To:* openid-specs-ab at lists.openid.net 
> <mailto:openid-specs-ab at lists.openid.net> Ab
> *Subject:* [Openid-specs-ab] user claims in id_token
>
> Hi!
>
> I almost feel bad to ask because I should find the answer in the spec. 
> But I did not find it.
>
> Is it valid to request “userinfo” related claims to be in the id_token?
>
> Can I sent a request object like shown below? I would like to avoid 
> the call to the /userinfo endpoint.
>
> Thanks, Sascha
>
> {
>    "userinfo":
>     {
>      "given_name": {"essential": true},
>      "nickname": null,
>      "email": {"essential": true},
>      "email_verified": {"essential": true},
>      "picture": null,
>      "http://example.info/claims/groups": null
>     },
>    "id_token":
>     {
>      "given_name": {"essential": true},
>      "nickname": null,
>      "email": {"essential": true}
>     }
>   }
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20150828/99919266/attachment.html>


More information about the Openid-specs-ab mailing list