I'm implementing the $subject and the plan is as below.
1. The scopes and supported claims will be defined in identity.xml as below.
<OpenIDConnect>
    <scopes>
        <scope id="openid">
            <claims>sub</claims>
        </scope>
        <scope id="email">
            <claims>email,email_preferred</claims>
        </scope>
        <scope id="profile">
            <claims>name, family_name, given_name, middle_name, nickname,
            preferred_username, profile, picture, website, gender, birthdate, zoneinfo,
            locale, updated_at</claims>
        </scope>
        <scope id="phone">
            <claims>phone_number, phone_number_verified</claims>
        </scope>
        <scope id="address">
            <claims>address,street</claims>
        </scope>
    </scopes>
</OpenIDConnect>
2. If there are any requested claims, the requested claims will be issued
ignoring the scope when the claims of the openid scope have been configured
as *all* in identity.xml. The requested claims will be issued considering
the scopes when the claims of the openid scope have been configured as *sub*
in identity.xml.
3. If there are no requested claims, according to the above configurations
the matching claims will be issued from the user info endpoint according to
the scope.
eg1: If the user requested the openid email scope, the claims will be
sub,email,email_preferred (when the claims of the openid scope have been
configured as *sub* in identity.xml).
eg2: If the user requested the openid email scope, the claims will be {all the
mapped attributes},email,email_preferred (when the claims of the openid
scope have been configured as *all* in identity.xml).
Any suggestions will be highly appreciated.
Thanks,
Hasanthi Dissanayake
Software Engineer | WSO2
E: [email protected]
M: 0718407133 | http://wso2.com
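The resolution rules in steps 2 and 3, as an added example that is not part of the original mail or of WSO2's code: it reads a trimmed config in the proposed shape and shows how much more a request receives when the openid scope is set to *all* instead of *sub*. The function names, the sample user and the handling of a request without the openid scope are assumptions; the rest is a literal reading of the plan.

```python
import xml.etree.ElementTree as ET

# Constructed config in the shape the mail proposes, trimmed to three scopes.
TEMPLATE = """<OpenIDConnect><scopes>
  <scope id="openid"><claims>{openid}</claims></scope>
  <scope id="email"><claims>email,email_preferred</claims></scope>
  <scope id="phone"><claims>phone_number, phone_number_verified</claims></scope>
</scopes></OpenIDConnect>"""

# Constructed user record; "country" is mapped but belongs to no scope.
USER = {"sub": "alice", "email": "alice@example.com",
        "phone_number": "+10000000000", "country": "LK"}

def load_scopes(xml_text):
    """Map scope id -> set of claim names, tolerating spaces and line breaks."""
    scopes = {}
    for scope in ET.fromstring(xml_text).iter("scope"):
        raw = scope.findtext("claims") or ""
        scopes[scope.get("id")] = {c.strip() for c in raw.split(",") if c.strip()}
    return scopes

def resolve_claims(cfg, requested_scopes, requested_claims, user_attrs):
    """Claims to release for one request, following steps 2 and 3 of the plan."""
    if "openid" not in requested_scopes:
        return {}  # assumption: without the openid scope nothing is released
    release_all = "all" in cfg.get("openid", set())
    allowed = set()
    for scope in requested_scopes:
        allowed |= cfg.get(scope, set())  # unconfigured scopes add nothing
    if requested_claims:
        # Step 2: "all" ignores scopes, "sub" keeps only scope-covered claims.
        names = set(requested_claims) if release_all else set(requested_claims) & allowed
    else:
        # Step 3: scope-driven; "all" widens this to every mapped attribute.
        names = set(user_attrs) if release_all else allowed
    # Only attributes the user actually has can be returned.
    return {n: user_attrs[n] for n in sorted(names) if n in user_attrs}

if __name__ == "__main__":
    for mode in ("sub", "all"):
        cfg = load_scopes(TEMPLATE.format(openid=mode))
        print(mode, "scopes only :", resolve_claims(cfg, ["openid", "email"], [], USER))
        print(mode, "with request:",
              resolve_claims(cfg, ["openid", "email"], ["email", "phone_number"], USER))
```

With *all*, a client that was granted only `openid email` still receives `phone_number` and `country`, so that setting decides whether scopes limit attribute release at all.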