[Openid-specs-ab] user claims in id_token

Vladimir Dzhuvinov vladimir at connect2id.com
Tue Sep 1 07:14:05 UTC 2015


Hi Mike,

Thanks for sharing this; we recently considered implementing something
similar.

What was the rationale for this particular layout instead of using a
straight scope_name -> [claim-1, claim-2, ...] mapping?

"scope_to_claims_mapping": {
    "email"   : [ "mail" ],
    "address" : [ "mail", "street", "l", "st", "postOfficeBox", "postalCode", "postalAddress" ]
}


Cheers,

Vladimir

On 20.08.2015 20:09, Mike Schwartz wrote:
>>>> Is it valid to request "userinfo" related claims to be in the
>>>> id_token?
>
> One thing I've pointed out in the past is that a discovery request
> returns the claims supported, and the scopes supported, but not which
> claims are associated with which scopes.
>
> In the Gluu Server we naughtily added this one claim to discovery to
> help clients know which scope to request, because as Mike Jones
> pointed out, some OPs (like the Gluu Server) don't support individual
> requests for claims.
>
> Anyway... maybe if there's an OpenID Connect 2.0 at some point it's
> worth considering. In enterprise use cases where there are custom user
> claims and scopes it might be more useful.
>
> "scope_to_claims_mapping": [
>         {
>             "scope": "email",
>             "claims": ["mail"]
>         },
>         {
>             "scope": "address",
>             "claims": [
>                 "mail",
>                 "street",
>                 "l",
>                 "st",
>                 "postOfficeBox",
>                 "postalCode",
>                 "postalAddress"
>             ]
>         }
> ]

-- 
Vladimir Dzhuvinov :: vladimir at connect2id.com

