Shibboleth IDP for OAuth2
ritterhoff.florian at hm.edu
Tue Aug 9 15:50:39 UTC 2022
Well okay. Thanks for the explanations.
Regarding the access_token: So far the desired attributes are available
in the userinfo Endpoint so I guess that my attribute registry/filter
should be okay? The access_token only contains a very basic set of
"sub", "aud", "root_jti", "auth_time", "scope", "iss", "for_op", "exp",
"iat", "client_id", "jti" claim.
Is there maybe any special setting that I could check?
Am 09.08.2022 um 16:55 schrieb Cantor, Scott via users:
> Any custom claims that get past the attribute filter and that don't collide with reserved claim names (or that are mapped to other claim names via the registry layer) will be added to the access token if it's in JWT format, that's automatic.
> If they're not present, they weren't resolved (or couldn't be resolved on the token endpoint and needed to be embedded in the authorization code instead), or weren't released by the filter.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4816 bytes
Desc: S/MIME Cryptographic Signature
More information about the users