[ 
https://issues.apache.org/jira/browse/FEDIZ-203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16081927#comment-16081927
 ] 

Sergey Beryozkin commented on FEDIZ-203:
----------------------------------------

Hi Jan, just to follow up on the whole scopes/claims issue.
I've retried a CXF jaxrs/basic_oidc demo, it displays an id token returned from 
a Google OIDC service, I can see "email", "name", "first_name", "given_name" 
and "locale", alongside other claims like "issuer", etc., without the CXF demo 
code specifying any related scopes or claims parameter values.
The other point I'd like to make is that using the scopes as opposed to the 
"claims" parameter to get some extra claims is really not about saying the 
"claims" is redundant or using the scopes is equivalent, but about requesting at 
what point of time these extra properties are returned, given that the scopes 
are about giving the permissions to a client app the user is interacting with. 
For example, if you check that section further you'll see that if some specific 
scopes related to the extraction of the extra claims are set, then they will 
have to be returned from UserInfo for a code flow case, not in the immediate 
IdToken. We do not really enforce it and I'd say it is not a big deal, but 
IMHO we really need to do a more involved discussion first about it all...

> Support "roles" scope
> ---------------------
>
>                 Key: FEDIZ-203
>                 URL: https://issues.apache.org/jira/browse/FEDIZ-203
>             Project: CXF-Fediz
>          Issue Type: New Feature
>          Components: OIDC
>            Reporter: Jan Bernhardt
>            Assignee: Jan Bernhardt
>             Fix For: 1.4.1
>
>         Attachments: cxf.patch, fediz.patch
>
>
> OIDC currently only supports role claims if they are requested as "claims" 
> but not via "scope". Goal of this jira issue is to add support for a "roles" 
> scope.
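The timing point made in the comment above (claims requested via scope values such as "email" or "profile" are returned from the UserInfo endpoint when the flow issues an Access Token, and only land in the ID Token when no Access Token is issued, as OpenID Connect Core 1.0 sections 5.4 and 5.5 specify) is shown here as an added example. This is illustration code written for this page, not Fediz or CXF project code. The "roles" scope entry and its claim name are assumptions standing in for the scope this issue proposes; the user attribute record at the bottom is constructed sample data.

```python
"""Partition requested OIDC claims between the ID Token and the UserInfo
response, following OpenID Connect Core 1.0 sections 5.4 (scope values)
and 5.5 (the "claims" request parameter). Added example, not Fediz code."""
from typing import Dict, List, Optional, Tuple

# Scope -> claims mapping from OIDC Core 5.4. The "roles" entry is NOT part of
# the specification; it stands in for the scope FEDIZ-203 proposes, and the
# claim name "roles" is an assumption made for this example.
SCOPE_CLAIMS: Dict[str, List[str]] = {
    "profile": ["name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"],
    "email": ["email", "email_verified"],
    "address": ["address"],
    "phone": ["phone_number", "phone_number_verified"],
    "roles": ["roles"],  # assumed: proposed "roles" scope -> "roles" claim
}


def issues_access_token(response_type: str) -> bool:
    """True when this response_type yields an Access Token, i.e. the client
    will be able to call UserInfo ("code", "token", and hybrid combinations)."""
    parts = set(response_type.split())
    return "code" in parts or "token" in parts


def resolve_claim_placement(scope: str, response_type: str,
                            claims_param: Optional[dict] = None) -> Dict[str, List[str]]:
    """Decide which requested claims belong in the ID Token and which are
    served from UserInfo. Scope-derived claims go to UserInfo whenever an
    Access Token is issued (OIDC Core 5.4); the "claims" parameter names the
    destination explicitly via its "id_token" / "userinfo" members (5.5)."""
    requested_scopes = scope.split()
    if "openid" not in requested_scopes:
        raise ValueError("an OIDC request must include the 'openid' scope")
    claims_param = claims_param or {}
    has_access_token = issues_access_token(response_type)
    # OIDC Core 5.5: the "userinfo" member requires a flow that issues an Access Token.
    if "userinfo" in claims_param and not has_access_token:
        raise ValueError("claims.userinfo requested but response_type issues no Access Token")

    scope_claims = set()
    for s in requested_scopes:
        scope_claims.update(SCOPE_CLAIMS.get(s, []))  # unknown scopes add nothing

    id_token_claims, userinfo_claims = set(), set()
    if has_access_token:
        userinfo_claims.update(scope_claims)   # e.g. code flow: fetch from UserInfo
    else:
        id_token_claims.update(scope_claims)   # e.g. response_type=id_token
    id_token_claims.update((claims_param.get("id_token") or {}).keys())
    userinfo_claims.update((claims_param.get("userinfo") or {}).keys())
    return {"id_token": sorted(id_token_claims), "userinfo": sorted(userinfo_claims)}


def build_responses(user_attrs: Dict[str, object],
                    placement: Dict[str, List[str]]) -> Tuple[dict, dict]:
    """Produce the ID Token claim set and the UserInfo body from a user record,
    releasing only claims that were actually requested (plus the mandatory
    'sub') so nothing leaks beyond what the client was granted."""
    def pick(names: List[str]) -> dict:
        out = {"sub": user_attrs["sub"]}
        out.update({n: user_attrs[n] for n in names if n in user_attrs})
        return out
    return pick(placement["id_token"]), pick(placement["userinfo"])


if __name__ == "__main__":
    # Constructed sample user record; values are not real.
    user = {"sub": "user-123", "email": "alice@example.test", "email_verified": True,
            "name": "Alice Example", "roles": ["admin"], "locale": "en"}
    placement = resolve_claim_placement("openid email roles", "code")
    id_tok, userinfo = build_responses(user, placement)
    print("placement:", placement)
    print("id_token :", id_tok)      # only 'sub' in the code flow
    print("userinfo :", userinfo)    # email, email_verified, roles
```

Running the module with a code-flow request for `openid email roles` leaves the ID Token with just `sub` and routes the email and role claims to UserInfo, which is exactly the behaviour the comment says the current code does not enforce; switching the response type to `id_token` moves the same claims into the ID Token because no Access Token exists to call UserInfo with.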

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)