CIBA: Means to request claims to be embedded in the issued ID token

Issue #106 resolved
Takahiko Kawasaki created an issue

Is there any plan to add request parameters for the backchannel authentication endpoint that can specify claims the client wishes to be embedded in the issued ID token (like the claims request parameter in OIDC Core)?

In addition, is it okay to assume that profile, email, address and phone scopes are interpreted in the same way defined in OIDC Core, 5.4. Requesting Claims using Scope Values?

Comments (7)

  1. Brian Campbell

    We should probably discuss this on the next call (in a few hours).

    Yes, it's expected that profile, email, address and phone scopes have the same meaning as from OIDC core. And other scope values as defined/used by the AS/OP have the same meaning when used in CIBA as they do in other contexts.

    There are no current plans for something like the claims request parameter from OIDC Core.

  2. Brian Campbell

    On the 8/23 call there was general consensus that the description of the scope request parameter should be refined to more clearly reflect the fact that it's the requested scope similar to the scope parameter in other OAuth and OIDC requests. And thus allow for profile, email, address and phone scopes values as well as other scope values as defined/used by the AS/OP.

    Issue #108 has been submitted to account for the above while this ticket is left open for the WG to consider the question of supporting the claims request parameter from OIDC Core (or something like it) in CIBA.

  3. Brian Campbell

    Discussed during the Nov 13 MODRNA WG call and there was general consensus to not explicitly define the claims request parameter for CIBA authentication requests. But to double check that the current language doesn't preclude extension parameters from being used (such as claims but any extension parameter).

  4. Brian Campbell

    pull request #47 adds a note that an authentication request may contain additional parameters defined by extension or profile. And "OpenID Providers SHOULD ignore unrecognized request parameters." is already in §7.2. Authentication Request Validation.

  5. Dave Tonge

    The PR relating to this has been merged. I think it's a nice compromise to not include the claims param but to prevent it from being used. Thanks to everyone for the many discussions around this topic!

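The behaviour the thread settles on, as an added worked example that is not code from the CIBA spec, the MODRNA WG, or this tracker: an OP-side validator for the backchannel authentication request that expands the OIDC Core 5.4 scope values (profile, email, address, phone) into the claims they imply, accepts a `claims` parameter only as an extension in the OIDC Core 5.5 shape, and ignores unrecognized parameters as §7.2 says it SHOULD, while keeping their names so they can be logged. The function names, the `RELEASABLE_ID_TOKEN_CLAIMS` policy set, the size limit and the sample request body are this example's own assumptions, not anything the spec defines.

```python
"""Added example: a minimal validator for a CIBA backchannel authentication
request. It applies the thread's conclusions: standard OIDC scope values keep
their OIDC Core 5.4 meaning, `claims` is tolerated as an extension rather
than a CIBA-defined parameter, and unrecognized parameters are ignored, not
rejected. Names outside the spec are this example's own assumptions."""
import json
from urllib.parse import parse_qs

# OIDC Core 5.4: claims implied by each standard scope value.
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}

# Parameters the CIBA backchannel authentication request itself defines.
KNOWN_PARAMS = {
    "scope", "client_notification_token", "acr_values", "login_hint_token",
    "id_token_hint", "login_hint", "binding_message", "user_code",
    "requested_expiry", "request",
}

# Hypothetical deployment policy (assumption): claims this OP is willing to
# release into an ID token when asked for via the `claims` extension.
RELEASABLE_ID_TOKEN_CLAIMS = {"email", "email_verified", "name", "phone_number"}
MAX_CLAIMS_JSON_BYTES = 4096  # assumption: bound parser work on the JSON

# Constructed sample body; "foo" stands in for an unrecognized parameter.
SAMPLE_BODY = (
    "scope=openid+email+phone&login_hint=user%40example.invalid"
    "&binding_message=ABC123&foo=bar"
    "&claims=%7B%22id_token%22%3A%7B%22name%22%3Anull%2C%22nickname%22%3Anull%7D%7D"
)


class InvalidRequest(ValueError):
    """Raised for a request the OP must reject (invalid_request)."""


def _single(params, name):
    # A form parameter must not be repeated; treat duplicates as invalid.
    values = params.get(name, [])
    if len(values) > 1:
        raise InvalidRequest(f"duplicate parameter: {name}")
    return values[0] if values else None


def parse_claims_extension(raw):
    """Parse a `claims` value in the OIDC Core 5.5 shape and return the
    id_token claim names it asks for, filtered by deployment policy."""
    if len(raw.encode()) > MAX_CLAIMS_JSON_BYTES:
        raise InvalidRequest("claims parameter too large")
    try:
        doc = json.loads(raw)
    except ValueError as exc:
        raise InvalidRequest("claims is not valid JSON") from exc
    if not isinstance(doc, dict):
        raise InvalidRequest("claims must be a JSON object")
    id_token = doc.get("id_token", {})
    if not isinstance(id_token, dict):
        raise InvalidRequest("claims.id_token must be a JSON object")
    for name, spec in id_token.items():
        if spec is not None and not isinstance(spec, dict):
            raise InvalidRequest(f"claims.id_token.{name} must be null or an object")
    # Release only what policy allows; requests for other claims are dropped.
    return set(id_token) & RELEASABLE_ID_TOKEN_CLAIMS


def validate_backchannel_request(body):
    """Validate a form-encoded backchannel authentication request body.

    Returns (requested_claims, ignored_param_names). Raises InvalidRequest
    on anything the OP must reject."""
    params = parse_qs(body, keep_blank_values=True)
    scope = _single(params, "scope")
    if scope is None:
        raise InvalidRequest("scope is required")
    scopes = scope.split()
    if "openid" not in scopes:
        raise InvalidRequest("scope must contain openid")
    hints = [h for h in ("login_hint", "login_hint_token", "id_token_hint")
             if _single(params, h) is not None]
    if len(hints) != 1:
        raise InvalidRequest("exactly one of login_hint, login_hint_token, "
                             "id_token_hint is required")

    # Standard scope values mean the same thing here as in OIDC Core.
    claims = set()
    for s in scopes:
        claims |= SCOPE_CLAIMS.get(s, set())

    # `claims` is not a CIBA parameter; honour it only as an extension.
    raw_claims = _single(params, "claims")
    if raw_claims is not None:
        claims |= parse_claims_extension(raw_claims)

    # §7.2: unrecognized parameters are ignored, not rejected. Keep their
    # names (never their values) so they can be logged for visibility.
    ignored = sorted(set(params) - KNOWN_PARAMS - {"claims"})
    return claims, ignored


if __name__ == "__main__":
    print(validate_backchannel_request(SAMPLE_BODY))
```

The validator accepts the unknown `foo` parameter without error and reports its name back to the caller, which is the observable difference between "ignore" and "reject" that the §7.2 language hinges on; the `claims` JSON is bounded and type-checked before any of it influences the ID token, and only policy-approved claim names survive.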