non-standard OIDC scopes

Greg Haverkamp gahaverkamp at
Mon Jun 8 22:44:32 UTC 2020

It's more than just that.  To the extent you're doing an OIDC
authentication and obtaining and using an access tokenyou may very well
want scopes for reasons other than just restricting claims.  And you're
probably going to want to go ahead and request the added scopes during the
OIDC authentication and authorization process, rather than doing a token
exchange and doing it then.


On Mon, Jun 8, 2020 at 3:28 PM Liam Hoekenga <liamr at> wrote:

> On Mon, Jun 8, 2020 at 4:28 PM Wessel, Keith <kwessel at> wrote:
>> Well, yes, it’s technically possible. I thought I had read at one point
>> in the OIDC spec that inventing additional scopes was a violation of the
>> profile, but I’m not seeing that now. So… carry on.
> I'd obviously like to stick with predefined / standard scopes, but there's
> stuff out there (e.g.
> thanks for the confirmation about naming claims!
> Liam
> --
> For Consortium Member technical support, see
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list