[
https://issues.apache.org/jira/browse/FEDIZ-203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16105142#comment-16105142
]
Jan Bernhardt commented on FEDIZ-203:
-------------------------------------
I had to add additional Claims in the UserInfoService. I think the best
approach would be if the requested scopes are connected to the access token and
used to identify the desired claims.
{code}
<bean id="userInfoService"
      class="org.apache.cxf.rs.security.oidc.idp.UserInfoService">
    <property name="oauthDataProvider" ref="oauthProvider"/>
    <property name="jwsRequired" value="false"/>
    <property name="additionalClaims">
        <list>
            <value>roles</value>
        </list>
    </property>
</bean>
{code}
> Support "roles" scope
> ---------------------
>
> Key: FEDIZ-203
> URL: https://issues.apache.org/jira/browse/FEDIZ-203
> Project: CXF-Fediz
> Issue Type: New Feature
> Components: OIDC
> Reporter: Jan Bernhardt
> Assignee: Jan Bernhardt
> Fix For: 1.4.1
>
> Attachments: cxf.patch, fediz.patch
>
>
> OIDC currently only supports role claims if they are requested as "claims"
> but not via "scope". Goal of this jira issue is to add support for a "roles"
> scope.