Hi,

Yes, we do support OpenID scopes (address, email, phone, profile); refer to
[1].
But as Tharindu has mentioned, this too requires the relevant claims that
fall under these scopes to be configured as requested claims in the Service
Provider.

For example,
the OIDC scope 'address' would return the "address" and "street" claims. But unless
you have these claims as requested claims in the claim configuration of the
SP, these claims won't be returned, although you requested the token with a
scope value of "openid address".

The idea here is that Service Provider requested claims take priority over
claims defined for scopes.


[1]
https://docs.wso2.com/display/IS530/Configuring+Claims+for+a+Service+Provider
(Click to view vital information when configuring claims for an OpenID
Connect Service Provider)


Thanks,
Farasath Ahamed
Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 <https://twitter.com/farazath619>
<http://wso2.com/signature>
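To make the filtering rule above concrete, here is a small model of it as an added example; it is not WSO2 Identity Server code and does not call the product. The scope-to-claim mapping is constructed: "address" uses the two claims named in the mail, the other scopes follow the standard OIDC scope list. It assumes that a claim is returned only when a requested scope covers it AND the Service Provider lists it as a requested claim (an intersection), and that the "openid" scope must be present, as OIDC requires; both are assumptions for illustration. The `claims_blocked_by_sp_config` helper is the check a practitioner wants when a claim they expected from a scope is missing from the token or userinfo response.

```python
"""Added example (not WSO2 code): models OIDC scope claims being filtered by the
Service Provider's requested-claim configuration.

Assumptions (labelled as such):
- SCOPE_CLAIMS is a constructed mapping; "address" uses the claims named in the
  mail, the others follow the standard OIDC scope list.
- A claim is returned only if a requested scope covers it AND the SP requests
  it (an intersection).
- The "openid" scope must be present; otherwise nothing is returned.
"""
from typing import Dict, Iterable, List, Set

# Constructed mapping of OIDC scopes to the claims they cover.
SCOPE_CLAIMS: Dict[str, List[str]] = {
    "address": ["address", "street"],  # as described in the mail above
    "email": ["email", "email_verified"],
    "phone": ["phone_number", "phone_number_verified"],
    "profile": ["name", "given_name", "family_name", "preferred_username",
                "picture", "locale", "updated_at"],
}

# Constructed sample data: what the user store holds, and what the SP's claim
# configuration lists as requested claims.
SAMPLE_USER_CLAIMS: Dict[str, str] = {
    "address": "12 Sample Road",
    "street": "Sample Road",
    "email": "alice@example.com",
    "name": "Alice Example",
}
SAMPLE_SP_REQUESTED_CLAIMS: List[str] = ["email", "name"]


def claims_granted_by_scopes(requested_scopes: Iterable[str]) -> Set[str]:
    """Union of the claims covered by the requested scopes.

    Scopes with no claim mapping ("openid" itself, or unknown scopes)
    contribute nothing.
    """
    granted: Set[str] = set()
    for scope in requested_scopes:
        granted.update(SCOPE_CLAIMS.get(scope, []))
    return granted


def filter_claims(requested_scopes: Iterable[str],
                  sp_requested_claims: Iterable[str],
                  user_claims: Dict[str, str]) -> Dict[str, str]:
    """Return the user claims that the token/userinfo response would carry.

    Only claims covered by a requested scope and also listed as requested
    claims in the SP survive (assumption: intersection semantics).
    """
    scopes = set(requested_scopes)
    if "openid" not in scopes:
        return {}  # assumption: no OIDC claims without the openid scope
    allowed = claims_granted_by_scopes(scopes) & set(sp_requested_claims)
    return {name: value for name, value in user_claims.items() if name in allowed}


def claims_blocked_by_sp_config(requested_scopes: Iterable[str],
                                sp_requested_claims: Iterable[str]) -> Set[str]:
    """Claims the scopes would return but the SP configuration does not request.

    This is the diagnostic to run when a claim you expected from a scope such
    as "address" is missing: each name here must be added to the SP's
    requested claims before it can be returned.
    """
    return claims_granted_by_scopes(requested_scopes) - set(sp_requested_claims)


if __name__ == "__main__":
    scopes = ["openid", "address", "email"]
    print("returned:", filter_claims(scopes, SAMPLE_SP_REQUESTED_CLAIMS,
                                     SAMPLE_USER_CLAIMS))
    print("blocked by SP config:",
          sorted(claims_blocked_by_sp_config(scopes, SAMPLE_SP_REQUESTED_CLAIMS)))
```

With the sample data, requesting "openid address email" against an SP that only requests "email" and "name" yields just the email claim; "address", "street" and "email_verified" are reported as blocked until they are added to the SP's requested claims.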



On Sat, May 13, 2017 at 11:36 AM, Bhathiya Jayasekara <bhath...@wso2.com>
wrote:

> @IS team: Do we support these in our current implementation?
>
> Thanks,
> Bhathiya
>
> On Sat, May 13, 2017 at 11:34 AM, Bhathiya Jayasekara <bhath...@wso2.com>
> wrote:
>
>> Hi Tharindu,
>>
>> In OIDC there are other standard scopes[1] in addition to 'openid'. These
>> scopes are there to request specific user claims. I think we can use them
>> here. So when generating tokens, these scopes should be used as per the
>> requirement.
>>
>> [1] http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
>>
>> Thanks,
>> Bhathiya
>>
>> On Sat, May 13, 2017 at 12:18 AM, Tharindu Dharmarathna <
>> tharin...@wso2.com> wrote:
>>
>>> Hi All,
>>>
>>> We had a use case on APIM to send the user claims in the JWT Header to
>>> the backend server.
>>>
>>> Currently, the APIM C4 architecture gets the user claims and generates the
>>> JWT from the Key Manager node.
>>>
>>> In the C5 architecture, we have to get the user claims from the IS or a
>>> third-party key manager.
>>>
>>> I have observed the below two ways of getting user claims into the Gateway
>>> from the IS.
>>>
>>> 1. Generate token with OpenID scope.
>>> 2. Call userinfo endpoint with above generated token
>>> 3. Call OAuth2TokenValidation Service and get the token.
>>>
>>> When considering [2], in order to receive user info we have to set the
>>> requested claims in the service provider according to the App.
>>>
>>> And in the current C4 architecture, we don't mandate sending the openid
>>> token as a scope.
>>>
>>> Are there any other alternative ways to achieve the above task?
>>>
>>> Thanks
>>>
>>> Tharindu Dharmarathna, Senior Software Engineer
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: +94779109091
>>>
>>
>>
>>
>> --
>> Bhathiya Jayasekara
>> Associate Technical Lead,
>> WSO2 inc., http://wso2.com
>>
>> Phone: +94715478185
>> LinkedIn: http://www.linkedin.com/in/bhathiyaj
>> Twitter: https://twitter.com/bhathiyax
>> Blog: http://movingaheadblog.blogspot.com
>>
>
>
>
> --
> Bhathiya Jayasekara
> Associate Technical Lead,
> WSO2 inc., http://wso2.com
>
> Phone: +94715478185
> LinkedIn: http://www.linkedin.com/in/bhathiyaj
> Twitter: https://twitter.com/bhathiyax
> Blog: http://movingaheadblog.blogspot.com
>
> _______________________________________________
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>