Hi Isura, Yes when we mark 'all' in the xml for scope 'openid' it behaves as the previous way. We need to rethink whether it is the correct behavior as it is sending all the claims without considering other scopes. So other scopes become useless. How ever yes, we are using 'openid' scope to behave it as the previous way.
Thanks, Hasanthi Dissanayake Software Engineer | WSO2 E: hasan...@wso2.com M :0718407133| http://wso2.com <http://wso2.com/> On Thu, Jul 14, 2016 at 2:28 PM, Isura Karunaratne <is...@wso2.com> wrote: > Hi Hasanthi, > > What is the default behaviour of claims of the openid scope? I think it > should be "all". > > Thank > Isura. > > On Thu, Jul 14, 2016 at 11:08 AM, Hasanthi Purnima Dissanayake < > hasan...@wso2.com> wrote: > >> I'm implementing the $subject and the plan is as below. >> >> 1. The scopes and supported claims will be defined in identity.xml as >> below. >> <OpenIDConnect> >> <scopes> >> <scope id="openid"> >> <claims>sub</claims> >> </scope> >> <scope id="email"> >> <claims>email,email_preferred</claims> >> </scope> >> <scope id ="profile"> >> <claims>name, family_name, given_name, middle_name, nickname, >> preferred_username, profile, picture, website, gender, birthdate, zoneinfo, >> locale, updated_at</claims> >> </scope> >> <scope id="phone"> >> <claims>phone_number, phone_number_verified</claims> >> </scope> >> <scope id="address"> >> <claims>address,street</claims> >> </scope> >> </scopes> >> </OpenIDConnect> >> >> >> 2. If there are any requested claims, the requested claims will be issued >> ignoring the scope when the claims of the openid scope has been configured >> as *all* in identity.xml. The requested claims will be issued >> considering the scopes when the claims of the openid scope has been >> configured as *sub* in identity.xml >> >> 3. If there are no requested claims, according to the above >> configurations the matching claims will be issued from the user info >> endpoint according to the scope. >> eg1: If the user requested openid email scope the claims will be >> sub,email,email_preferred (When the claims of the openid scope has been >> configured as *sub* in identity.xml). >> eg2. If the user requested openid email scope the claims will be {all the >> mapped attributes},email,email_preferred (When the claims of the openid >> scope has been configured as *all* in identity.xml). >> >> Any suggestions will be highly appreciated. >> >> Thanks, >> >> Hasanthi Dissanayake >> >> Software Engineer | WSO2 >> >> E: hasan...@wso2.com >> M :0718407133| http://wso2.com <http://wso2.com/> >> >> _______________________________________________ >> Architecture mailing list >> Architecture@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > > *Isura Dilhara Karunaratne* > Senior Software Engineer | WSO2 > Email: is...@wso2.com > Mob : +94 772 254 810 > Blog : http://isurad.blogspot.com/ > > <https://wso2.com/signature> > > > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > >
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
