Skip to content

conform id token end-user claims feature toggle #298

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 21, 2018
Merged

conform id token end-user claims feature toggle #298

merged 2 commits into from
Jun 21, 2018

Conversation

@panva
Copy link
Owner

@panva panva commented Jun 19, 2018

Core 1.0 - 5.4. Requesting Claims using Scope Values defines that claims requested using the scope parameter are returned from the UserInfo Endpoint
unless the response_type=id_token.

The Claims requested by the profile, email, address, and phone scope values are returned from the
UserInfo Endpoint, as described in Section 5.3.2, when a response_type value is used that results
in an Access Token being issued. However, when no Access Token is issued (which is the case for
the response_type value id_token), the resulting Claims are returned in the ID Token.

To enable/disable this conform behaviour

const configuration = { features: { conformIdTokenClaims: Boolean[false] } };

The conform/non-conform behaviour results in the following results

flag value request params authorization_endpoint ID Token (if issued) token_endpoint ID Token (if issued)
false response_type= any

scope=openid email		 sub
email
email_verified		 sub
email
email_verified
true response_type= any but id_token

scope=openid email		 sub
email
email_verified		 sub
email
email_verified
true response_type= any but id_token

scope=openid email

claims={"id_token":{"email":null}}		 sub
email
email_verified		 sub
email
email_verified
true response_type=id_token

scope=openid email		 sub
email
email_verified		 n/a

@panva
Add conformIdTokenClaims feature toggle
cc7a530 
This toggle makes the OP only include End-User claims in the ID Token
as defined by Core 1.0 section 5.4 - when the response_type is id_token
or unless requested using the claims parameter.
@codecov
Copy link

codecov bot commented Jun 19, 2018
edited
Loading

Codecov Report

Merging #298 into master will not change coverage.
The diff coverage is 100%.

@@          Coverage Diff          @@
##           master   #298   +/-   ##
=====================================
  Coverage     100%   100%           
=====================================
  Files         106    106           
  Lines        2768   2776    +8     
=====================================
+ Hits         2768   2776    +8

@panva panva temporarily deployed to guarded-cliffs-8635 June 19, 2018 21:32 Inactive
@panva panva merged commit 58a57d4 into master Jun 21, 2018
@panva panva deleted the conform-idtoken-claims branch June 21, 2018 14:57
@github-actions github-actions bot locked and limited conversation to collaborators Apr 4, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@panva