Re: [Architecture] Supporting OpenIDConnect Scope Parameters

Thu, 14 Jul 2016 02:00:40 -0700 

Hi Hasanthi,

What is the default behaviour of claims of the openid scope? I think it
should be "all".

Thank
Isura.

On Thu, Jul 14, 2016 at 11:08 AM, Hasanthi Purnima Dissanayake <
hasan...@wso2.com> wrote:

> I'm implementing the $subject and the plan is as below.
>
> 1. The scopes and supported claims will be defined in identity.xml as
> below.
> <OpenIDConnect>
> <scopes>
>     <scope id="openid">
>         <claims>sub</claims>
>     </scope>
>     <scope id="email">
>         <claims>email,email_preferred</claims>
>     </scope>
>     <scope id ="profile">
>         <claims>name, family_name, given_name, middle_name, nickname,
> preferred_username, profile, picture, website, gender, birthdate, zoneinfo,
> locale, updated_at</claims>
>     </scope>
>     <scope id="phone">
>         <claims>phone_number, phone_number_verified</claims>
>     </scope>
>     <scope id="address">
>         <claims>address,street</claims>
>     </scope>
> </scopes>
> </OpenIDConnect>
>
>
> 2. If there are any requested claims, the requested claims will be issued
> ignoring the scope when the claims of the openid scope has been configured
> as *all* in identity.xml. The requested claims will be issued considering
> the scopes when the claims of the openid scope has been configured as
> *sub* in identity.xml
>
> 3. If there are no requested claims, according to the above configurations
> the matching claims will be issued from the user info endpoint according to
> the scope.
> eg1: If the user requested openid email scope the claims will be
> sub,email,email_preferred (When the claims of the openid scope has been
> configured as *sub* in identity.xml).
> eg2. If the user requested openid email scope the claims will be {all the
> mapped attributes},email,email_preferred (When the claims of the openid
> scope has been configured as *all* in identity.xml).
>
> Any suggestions will be highly appreciated.
>
> Thanks,
>
> Hasanthi Dissanayake
>
> Software Engineer | WSO2
>
> E: hasan...@wso2.com
> M :0718407133| http://wso2.com <http://wso2.com/>
>
> _______________________________________________
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 

*Isura Dilhara Karunaratne*
Senior Software Engineer | WSO2
Email: is...@wso2.com
Mob : +94 772 254 810
Blog : http://isurad.blogspot.com/

<https://wso2.com/signature>

_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Reply via email to