JanssenProject / jans

An open source enterprise digital identity platform for CIAM or workforce... Janssen is a distribution of standards-based, developer friendly, components that are engineered to work together in any cloud. #OAuth #OpenID #FIDO
https://docs.jans.io
Apache License 2.0
422 stars 70 forks

Improve OpenID Connect claims request parameter implementation #357

Open martynaslawinska opened 3 years ago

martynaslawinska commented 3 years ago

nynymike commented on Oct 17, 2019

The claims request parameter is specified here: https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter

The admin should be able to see a view of all the claims that are available for a client. Are these claims released via associated scopes? Or are they explicitly released?

We may want to add claims for:

Perhaps to include the above claims, we can expose a "claims interception script" that can be mapped from the client.

This would also enable us to call out to external claim providers.

yurem commented 2 years ago

1. We already have DynamicScopeType, SpontaneousScopeType scripts. I wonder if we need to add anything else for this issue.

nynymike commented 2 years ago

Customer demand for this feature is low. But let's leave the issue open. The idea that a client could request individual claims, instead of openid scopes, is in the spec. But how to handle whether a client is authorized for claims, how the person consents, is not well defined. I think it's preferable at this point to not allow the claims param by default, and to wait for more customer demand to implement a specific solution.
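
An added example, not Janssen code and not part of the original thread: one way a server could apply a default-off policy to the `claims` request parameter of OpenID Connect Core section 5.5, releasing only claims a client is authorized for. The per-client `enabled` switch and `allowed_claims` allow-list are assumptions made for illustration, and the sample request is constructed.

```python
import json

# Top-level members defined by OpenID Connect Core 5.5; any others are ignored.
TARGETS = ("userinfo", "id_token")
# Members defined for a single claim request in OpenID Connect Core 5.5.1.
KNOWN_MEMBERS = {"essential", "value", "values"}

# Constructed sample value of the `claims` request parameter.
SAMPLE_REQUEST = json.dumps({
    "userinfo": {"email": {"essential": True}, "phone_number": None},
    "id_token": {"acr": {"values": ["urn:example:loa2"], "x_custom": 1}},
    "other": {"ignored": None},
})


def filter_claims_request(raw, allowed_claims, enabled=False):
    """Return (granted, denied) for a raw `claims` request parameter.

    allowed_claims: hypothetical per-client allow-list of claim names.
    enabled: hypothetical per-client switch, off by default, so the
    parameter is ignored unless an admin has turned it on for the client.
    """
    granted, denied = {}, []
    if not enabled or not raw:
        return granted, denied
    request = json.loads(raw)  # JSONDecodeError is a ValueError
    if not isinstance(request, dict):
        raise ValueError("claims parameter must be a JSON object")
    for target in TARGETS:
        members = request.get(target)
        if members is None:
            continue
        if not isinstance(members, dict):
            raise ValueError(f"{target} must be a JSON object")
        for name, spec in members.items():
            if spec is not None and not isinstance(spec, dict):
                raise ValueError(f"{target}.{name} must be null or an object")
            if name not in allowed_claims:
                # Default deny: the client is not authorized for this claim.
                denied.append(f"{target}.{name}")
                continue
            # Members that are not understood are dropped, as the spec requires.
            kept = {k: v for k, v in (spec or {}).items() if k in KNOWN_MEMBERS}
            granted.setdefault(target, {})[name] = kept or None
    return granted, denied
```

The `denied` list is there so the decision can be logged or shown to an admin; the filtered `granted` structure is what would go on to consent and claim release.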

ossdhaval commented 6 months ago

Hi @nynymike

Two years back, we decided to see if we have demand for this feature. Have we seen demand for this? Should we keep this open?

nynymike commented 6 months ago

Probably not, but let's leave it open. Just because it hasn't been a priority, doesn't mean it won't later.

ossdhaval commented 6 months ago

Ok. Moving it to priority-5