[Openid-specs-ab] A request for all possible claims (was OpenID Connect for Identity Proofing)
sanz at denic.de
Mon Sep 16 08:37:14 UTC 2019
while taking a look at
I stumbled* upon
Note: A claims sub-element with value null is interpreted as a request for
all possible Claims. An example is shown in the following:
Note: The claims sub-element can be omitted, which is equivalent to a
claims element whose value is null.
This is a very powerful/useful request type. As a matter of fact we are
using something similar and would like to extend this expressiveness it to
non-verified claims (details on the use case with pleasure upon request).
>From what we see, the OIDC core doesn't have something comparable though
and we were wondering, what would be the best OIDC syntax to deal with it.
A) First possibility, mimicking the verified claims world, the auth
request contains at the top level
(also read "id_token" instead of "userinfo" if you want to)
B) Second possibility, introducing a "special" claim name with a wildcard
C) Whatever you suggest.
Any guidance on this would be welcome.
Thanks and regards
* Three "Note:" in a row are probably not the best stylistics.. :-)
More information about the Openid-specs-ab