The role of non-standard scopes
Issue #1051
resolved
Everyone that has worked with OIDC has assumed that there will be non-standard claims added to the userinfo response. Together with this it's reasonable to assumed that we will also seen non-standard scope values that like some of the standard ones (profile, email, ..) can be used to request that a specific set of information should be available as Claim Values.
With that in mind the sentence 'Using the claims parameter is the only way to request Claims outside the standard set.' at the end of section 5.5 is obviously incorrect.
I think that sentence should just be removed.
Comments (6)
-
-
- changed status to open
-
-
assigned issue to
-
assigned issue to
-
I think that sentence should just be removed.
I agree.
I also agree.
-
Will be fixed by https://bitbucket.org/openid/connect/pull-requests/576
-
- changed status to resolved
- Log in to comment
node oidc-provider allows the OP to be configured exactly like this, define supported scope values (static and dynamic), define claims, define their mapping, this way the developers can provide the standard ones as well as non-standard. A claim that doesn't have a scope mapping can then only be requested using the claims parameter.
I agree.