non-standard OIDC scopes
Wessel, Keith
kwessel at illinois.edu
Mon Jun 8 21:27:50 UTC 2020
Well, yes, it’s technically possible. I thought I had read at one point in the OIDC spec that inventing additional scopes was a violation of the profile, but I’m not seeing that now. So… carry on.
Keith
From: users <users-bounces at shibboleth.net> On Behalf Of Liam Hoekenga
Sent: Monday, June 8, 2020 3:30 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: non-standard OIDC scopes
On Mon, Jun 8, 2020 at 3:02 PM Wessel, Keith <kwessel at illinois.edu<mailto:kwessel at illinois.edu>> wrote:
Adding custom scopes, as I understand it, is not allowed.
In what sense? Philosophically? Because it is technically possible..
<AttributeFilterPolicy id="oidc_edumember">
<PolicyRequirementRule xsi:type="oidcext:OIDCScope" value="edumember" />
<AttributeRule attributeID="isMemberOf">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
</AttributeFilterPolicy>
Liam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20200608/d8940086/attachment.htm>
More information about the users
mailing list