spring-projects / spring-authorization-server

Spring Authorization Server
https://spring.io/projects/spring-authorization-server
Apache License 2.0

Scopes for Claims and The claims Request Parameter #212

Open TakahikoKawasaki opened 3 years ago

TakahikoKawasaki commented 3 years ago

OIDC Core 1.0 defines special scope values for claims (Section 5.4) and the claims request parameter (Section 5.5).

These have a considerable impact on the implementation of the ID Token and the UserInfo Endpoint. It is highly recommended to support them from the beginning. Otherwise, source code rewriting will be required with high probability.

Note that OpenID Connect for Identity Assurance 1.0 (Implementer's Draft 2) assumes that authorization server implementations support the claims request parameter.
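Added example, not part of the original comment and not Spring Authorization Server code: a Python sketch of how the Section 5.4 scope values and the Section 5.5 `claims` parameter combine to decide which claims each of the ID Token and the UserInfo response may carry. The function name, the error messages and the choice to reject a `userinfo` request when no access token is issued are assumptions of this example.

```python
import json

# OIDC Core 1.0, Section 5.4: claims requested by each scope value.
SCOPE_CLAIMS = {
    "profile": ["name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"],
    "email": ["email", "email_verified"],
    "address": ["address"],
    "phone": ["phone_number", "phone_number_verified"],
}
DESTINATIONS = ("id_token", "userinfo")


def resolve_requested_claims(scope, response_type, claims_param=None):
    """Hypothetical helper: map each destination to {claim: options}.

    options is None (default request) or a dict with essential/value/values.
    """
    requested = {dest: {} for dest in DESTINATIONS}
    # Section 5.4: scope-requested claims are served from UserInfo when an
    # access token is issued, and from the ID Token only when none is.
    access_token_issued = bool({"code", "token"} & set(response_type.split()))
    scope_dest = "userinfo" if access_token_issued else "id_token"
    for value in scope.split():
        for claim in SCOPE_CLAIMS.get(value, ()):
            requested[scope_dest][claim] = None
    if claims_param is None:
        return requested
    try:
        parsed = json.loads(claims_param)
    except ValueError as exc:
        raise ValueError("claims is not valid JSON") from exc
    if not isinstance(parsed, dict):
        raise ValueError("claims must be a JSON object")
    # Section 5.5: members other than id_token/userinfo are ignored.
    for dest in DESTINATIONS:
        members = parsed.get(dest) or {}
        if not isinstance(members, dict):
            raise ValueError(f"claims.{dest} must be a JSON object")
        if dest == "userinfo" and members and not access_token_issued:
            # Example policy: reject rather than silently drop the request.
            raise ValueError("claims.userinfo needs an access token")
        for claim, options in members.items():
            if options is not None and not isinstance(options, dict):
                raise ValueError(f"bad request options for {claim}")
            requested[dest][claim] = options
    return requested
```

Both the ID Token builder and the UserInfo handler would then release only the claims listed for their destination, which is why the two features reach into both code paths.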

jgrandja commented 3 years ago

Related #176