Due to (2) and (3), note that the set of returned claims may differ from the set of requested claims (1). The set of allowed claim for any particular transaction Access Token is resolved by Introspection.
Five different scope configurations are supported as suggested by the below table, corresponding to the standard scopes
address and the non-standard scope
nnin. Note that some of the claims associated with the
profile scope are returned with the ID Token whereas others are returned via Userinfo. Among all supported claims, note that
nnin is available only to eligible OIDC Clients. The end-user is always in control of the set of claims that is actually returned since most claims demand consent from the end-user.