Shibboleth IDP for OAuth2
Florian Ritterhoff
ritterhoff.florian at hm.edu
Tue Aug 9 15:50:39 UTC 2022
Well okay. Thanks for the explanations.
Regarding the access_token: So far the desired attributes are available
in the userinfo Endpoint so I guess that my attribute registry/filter
should be okay? The access_token only contains a very basic set of
"sub", "aud", "root_jti", "auth_time", "scope", "iss", "for_op", "exp",
"iat", "client_id", "jti" claim.
Is there maybe any special setting that I could check?
Thanks!
Florian Ritterhoff
Am 09.08.2022 um 16:55 schrieb Cantor, Scott via users:
> Any custom claims that get past the attribute filter and that don't collide with reserved claim names (or that are mapped to other claim names via the registry layer) will be added to the access token if it's in JWT format, that's automatic.
>
> If they're not present, they weren't resolved (or couldn't be resolved on the token endpoint and needed to be embedded in the authorization code instead), or weren't released by the filter.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4816 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://shibboleth.net/pipermail/users/attachments/20220809/2a3c9c7d/attachment.p7s>
More information about the users
mailing list