Versions Compared

Old Version 1

changes.mady.by.user Frode Beckmann Nilsen

Saved on

compared with

New Version Current

changes.mady.by.user Frode Beckmann Nilsen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space PDOIDC and version xID_Demo_OIDC

The notions of Scopes and Claims of Scopes and Claims are at the heart of the of OpenID Connect and OAuth2 standards. A Scope is a way for the OIDC Client to indicate to the OIDC Provider what kind of resources ( dataset ) it requests access to. A dataset consists of attributes about the user and/or the authentication event. Members of such a dataset are referred to as Claims. A Scope in OIDC can therefore be thought of as a shorthand for a larger pre-defined bundle of Claims. An OIDC Client may also request individual Claims, or any set of Claims, for fine-grained access.

Note that the set of Claims returned to an OIDC Client in a response from the OIDC Provider may differ from the set of Claims that were requested. The . First because an OIDC Client may not be entitled to the full set of claims that are supported by the OIDC Provider. Secondly, because the end-user is always in control via consent handling.    

The content of the ID Token that is returned in response to a successful autentication is governed by a basic set of scopes and claims.  Scopes and claims beyond this basic set are used to request Access Tokens of the right kind for subsequent access to various Supplementary Services Value-Added Services (VASs)

Standard

The following table summarizes supported scopes, mostly standard, concerning ID Tokens and associated profile data (Userinfo). 

(tick) = According to standard. (error) = Feature restriction. (info) = Custom additions

how the OIDC Provider from BankID supports standard scopes and claims as defined in the OpenID Connect 1.0  standard. 

ScopeSupport
Scope
DescriptionAssociated claims
openid
(tick)
According to standardSee ID Token
profile
(tick) (error)
According to standard with exception for some claims

See ID Token 

 

See Userinfo

See Unsupported claims 

address(tick) (info)

 and default Access Token

addressAcording to standard with some additional non-standard claimsSee
Userinfo 
default Access Token 
phone
(tick) (info)
Acording to standard with some additional non-standard claimsSee
Userinfo
default Access Token 
email
(tick)
According to standardSee
Userinfo
default Access Token 
nnin(info)

Non-standard

Non-standard

...

scopes and/or claims supported by the OpenID Connect Provider from BankID is further described as follows:.

  • Description of additional scopes and claims in ID Token, among them Norwegian National Identity Number

...

 A set of non-standard scopes and claims that are associated with various use-cases under PSD2, including both PISP-scenarios and AISP-scenarios, are described separately.