
The notions of Scopes and Claims are at the heart of the OpenID Connect and OAuth2 standards. A Scope is a way for the OIDC Client to indicate to the OIDC Provider what kind of resources (dataset) it requests access to. A dataset consists of attributes about the user and/or the authentication event. Members of such a dataset are referred to as Claims. A Scope in OIDC can therefore be thought of as a shorthand for a larger pre-defined bundle of Claims. An OIDC Client may also request individual Claims, or any set of Claims, for fine-grained access. Note that the set of Claims returned to an OIDC Client in a response from the OIDC Provider may differ from the set of Claims that were requested. The end-user is always in control via consent handling.  
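The request and response handling described above, as an added example that is not part of the original page or the provider's own code: it builds an authorization request from scopes plus individual claims (the standard `claims` parameter), then compares the returned Userinfo with what was requested. The endpoint URL, client values, function names and sample response are constructed assumptions.

```python
import json
from urllib.parse import urlencode

# Claims bundled by each standard scope (OpenID Connect Core 1.0, section 5.4).
# Non-standard scopes such as nnin are left out: their claim names are provider-specific.
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}

def build_auth_request(authorize_url, client_id, redirect_uri, scopes, essential, state, nonce):
    """Authorization request asking for scope bundles plus individual claims."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(["openid", *scopes]),
        "state": state,
        "nonce": nonce,
    }
    if essential:
        # The `claims` request parameter (Core section 5.5) names individual claims.
        wanted = {"userinfo": {c: {"essential": True} for c in sorted(essential)}}
        params["claims"] = json.dumps(wanted, separators=(",", ":"))
    return f"{authorize_url}?{urlencode(params)}"

def reconcile(scopes, essential, returned):
    """Compare what was asked for with what the provider actually released."""
    requested = set(essential).union(*(SCOPE_CLAIMS.get(s, set()) for s in scopes))
    present = {k for k, v in returned.items() if v not in (None, "")}
    return {
        "missing_essential": sorted(set(essential) - present),  # fail closed on these
        "withheld": sorted(requested - present),                # requested, not released
        "unrequested": sorted(present - requested - {"sub"}),   # released, never asked for
    }

# Constructed sample Userinfo response: the user consented to name and email only.
SAMPLE_USERINFO = {"sub": "constructed-subject", "name": "Kari Nordmann", "email": "kari@example.com"}

if __name__ == "__main__":
    print(build_auth_request("https://op.example/authorize", "client-1",
                             "https://rp.example/cb", ["profile", "email"],
                             {"email_verified"}, "state-1", "nonce-1"))
    print(reconcile(["profile", "email"], {"email_verified"}, SAMPLE_USERINFO))
```

A client should treat a non-empty `missing_essential` list as a reason to stop the flow rather than fall back to defaults.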

The content of the ID Token that is returned in response to a successful authentication is governed by a basic set of scopes and claims. Scopes and claims beyond this basic set are used to request Access Tokens of the right kind for subsequent access to various Supplementary Services.

The following table summarizes supported scopes, mostly standard, concerning ID Tokens and associated profile data (Userinfo). 

(tick) = According to standard. (error) = Feature restriction. (info) = Custom additions

| Scope | Support | Description | Associated claims |
|---|---|---|---|
| openid | (tick) | According to standard | See ID Token |
| profile | (tick) (error) | According to standard with exception for some claims | See ID Token. See Userinfo. See Unsupported claims |
| address | (tick) (info) | According to standard with some additional non-standard claims | See Userinfo |
| phone | (tick) (info) | According to standard with some additional non-standard claims | See Userinfo |
| email | (tick) | According to standard | See Userinfo |
| nnin | (info) | Non-standard scope indicating Norwegian National Identity Number | See Userinfo |
| standard_bankid | ??? | | |

A set of non-standard scopes and claims that are associated with various use-cases under PSD2, including both PISP-scenarios and AISP-scenarios, are described separately.
