[Openid-specs-mobile-profile] Requesting Individual Claims

Lodderstedt, Torsten t.lodderstedt at telekom.de
Thu Nov 27 09:30:13 UTC 2014


Hi Gonzalo,

this is an example request similar to the requests we use in our live system:

https://accounts.login.idm.telekom.com/oic?response_type=code&client_id=ABCDEFABCDEFABCDEFABCDEF&scope=openid&redirect_uri=https%3A%2F%2Femail.t-online.de%2F%3Fpf%3D%2Fem&claims=%7B%0A++%22id_token%22%3A%0A++%7B%0A+++%22email%22%3A+%7B%22essential%22%3A+true%7D%0A++%7D%0A%7D

the decoded claims parameter value

{ "id_token": { "email": {"essential": true} } }

essentially tells the OP to put the email claim into the id token.

Hope that helps,
Torsten.

Von: Openid-specs-mobile-profile [mailto:openid-specs-mobile-profile-bounces at lists.openid.net] Im Auftrag von GONZALO FERNANDEZ RODRIGUEZ
Gesendet: Donnerstag, 27. November 2014 10:09
An: openid-specs-mobile-profile at lists.openid.net
Betreff: [Openid-specs-mobile-profile] Requesting Individual Claims

Hi guys,
I am working on the sharing attributes part in the Mobile Connect project. I am thinking about how to ask for new attributes and the only way I see is to ask for individual claims using the "claims" parameter, unless we extend the scopes for some specific attributes in this Mobile Profile WG (We should discuss about this).

I am considering the real situation we have now, and I read in the spec the next: "The claims parameter value is represented in an OAuth 2.0 request as UTF-8 encoded JSON (which ends up being form-urlencoded when passed as an OAuth parameter). When used in a Request Object value, per Section 6.1, the JSON is used as the value of the claims member."

My question is: Does anyone have any example of a request where claims are requested using the Oauth parameter and not the Request Object (url encoded)? (I haven't be able to find one). I would like to know how to indicate that some claims will be returned in the UserInfo and some others will be in the id_token, using the Request Object is crystal clear, but I don't have any clue how to do it using the claims parameter.

Thanks in advance,
Gonza.


________________________________

Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.

The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.

Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20141127/c2e73279/attachment-0001.html>


More information about the Openid-specs-mobile-profile mailing list