Custom map for requesting OpenID claims with scope values
OpenID Connect allows client applications (relying parties) to request claims (assertions) about the user by including special OAuth 2.0 scope values in the OpenID authentication request.
For example, a client can use the profile scope value to request access to these user attributes the IdP: name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale and updated_at.
OpenID Connect defines four such scope values that expand to specific sets of claims.
| Scope value | Claims |
|---|---|
| profile | name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at |
| email, email_verified Claims. | |
| address | address.formatted, address.street_address, address.locality, address.region, address.postal_code, address.country |
| phone | phone_number, phone_number_verified |
This concept can be applied to other (custom) scope values and claims that the identity provider needs to support. To define such a map use the following configuration file:
/WEB-INF/customClaimsMap.properties
For example, to let the custom org_details scope value request the claims roles, supervisor, employee_number add the following line to the file:
org_profile: roles, supervisor, employee_number