Requesting claims

As described in the previous chapter, the claims have to be requested in the SecToken instead of the OpenID access token. They have to be placed into the "openid.claims.requested" field in the SecToken. With this parameter, we can request that specific claims be returned by the UserInfo service. It is represented as a JSON object containing a list of claims that are requested to be returned in the response. The claims request contains only the list of the requested claims, but does not contain the top-level members like "userinfo" and "id-token" described in the OpenID documentation.

Only normal claims are supported. Aggregated and distributed claims are not supported by the nevisIDM UserInfo service.

An example claims request:

{
"sub": "248289761001",
"name": "Jane Doe",
"given_name": "Jane",
"family_name": "Doe",
"email": "[email protected]",
}

nevisIDM will process only the keys of the JSON object; the values will be ignored. The keys determine which claims the response will contain. For example, if the claims request is the previous example, the response will contain only the sub, name, given_name, family_name and e-mail claims.

The response will contain a claim only if the corresponding user attribute is set in nevisIDM. For example, if the user does not have an e-mail address in nevisIDM, the response will not contain the "email" claim, even though it was requested.

The claims request is optional. If no specific claims are requested, the response will contain all supported claims.

Supported claims

The following table contains the standard claims supported by the nevisIDM UserInfo service.

Claim	Type	Corresponding user attributes in nevisIDM	Description
address	JSON object	combination of the address attributes	The postal address of the user. The members are defined in the next chapter.
birthdate	string	birthDate	The user's birth date, represented in "yyyy-mm-dd" format.
email	string	email	E-mail address of the user
family_name	string	name	Last name of the user.
gender	string	sex	The user's gender. The possible values are "female" and "male".
given_name	string	firstName	First name of the user.
preferred_username	string	loginId	The login ID of the user.
locale	string	-	The user's locale represented in "en-US" format, where the first two characters are language codes in lowercase, the second two characters are country codes in uppercase.
name	string	concatenation of title, firstName and name attributes	The user's full name, including his title.
phone_number	string	telephone	The phone number of the user.
sub	string	extid	Identifier of the user. It is always returned by the service; there is no need to request it explicitly.
updated_at	number	ctlModDat	The time of the last update of the user. Its value is a number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.

Address claim

The Address claim represents the address information of the user. The following table contains the supported address attributes of the Address claim.

Claim	Type	Corresponding user attributes in nevisIDM	Description
country	string	country	The name of the user's country
formatted	string	Composed from the address attributes in the following format: addressline1, addressline2, street, houseNumber, dwellingNumber, postOfficeBoxNumber, postOfficeBoxText, locality, city, postalcode, country	Full mailing address, formatted for display or use on a mailing label. Newlines are represented as a single line feed character ("\n").
locality	string	city	The city of the user.
postal_code	string	postalCode	The postal code of the user.
region	string	locality	The locality of the user.
street_address	string	Composed from the address attributes in the following format: addressline1, addressline2, street, houseNumber, dwellingNumber, postOfficeBoxNumber, postOfficeBoxText	Full street address component, which may include house number, street number, post office box. Newlines are represented as a single line feed character ("\n").