The notions of Scopes and Claims are at the heart of the OpenID Connect and OAuth2 standards. A Scope is a way for the OIDC Client to indicate to the OIDC Provider what kind of dataset (resources) it requests access to. The kinds of things that are accessible in OIDC are attributes about the user and/or the authentication event. A Scope in OIDC can be thought of as a bundle of Claims, where Claims are specific attributes about the user and/or the authentication event. OIDC Client may also request individual Claims, or any set of Claims, for fine-grained access. Scopes can be regarded as the shorthand for larger pre-defined set of Claims. Note that set of Claims returned to an OIDC Client in a response from the OIDC Provider may differ from the set of Claims that were requested. The end-user is always in control via consent handling.
| Scope | Description | |
|---|---|---|
openid | ||
profile | ||
address | ||
phone | ||
email | ||
nnin | ||
standard_bankid | ??? |