non-standard OIDC scopes

Greg Haverkamp gahaverkamp at lbl.gov
Mon Jun 8 22:44:32 UTC 2020


It's more than just that.  To the extent you're doing an OIDC
authentication and obtaining and using an access token, you may very well
want scopes for reasons other than just restricting claims.  And you're
probably going to want to go ahead and request the added scopes during the
OIDC authentication and authorization process, rather than doing a token
exchange and doing it then.

Greg

On Mon, Jun 8, 2020 at 3:28 PM Liam Hoekenga <liamr at umich.edu> wrote:

> On Mon, Jun 8, 2020 at 4:28 PM Wessel, Keith <kwessel at illinois.edu> wrote:
>
>> Well, yes, it’s technically possible. I thought I had read at one point
>> in the OIDC spec that inventing additional scopes was a violation of the
>> profile, but I’m not seeing that now. So… carry on.
>>
>
> I'd obviously like to stick with predefined / standard scopes, but there's
> stuff out there (e.g.
> https://connect2id.com/products/server/docs/config/claims-mapping)
>
> thanks for the confirmation about naming claims!
>
> Liam