Configuring claims returned by the UserInfo endpoint
You can configure Liberty OpenID Connect Provider to customize the claims that are returned by the UserInfo endpoint.
About this task
You can configure the claims that are returned from a Liberty server OpenID Connect Provider by using the scopeToClaimMap and claimToUserRegistryMap subelements of the openidConnectProvider element in the server.xml file.
- The scopes in the access token
An access token can have multiple scopes. The scopes in an access token are the scopes that are supplied on the authorization endpoint invocation that created the access token.
- The claims that are associated with the scopes
Each scope can have multiple claims that are associated with it.
- The federated repository properties that are associated with the claims
A claim can have only one federated repository property that is associated with it.
- The user registry attributes that are associated with the federated repository properties
A federated repository property can have only one user registry attribute that is associated with it.
Liberty defines default scopes, claims, federated registry properties, and default mappings.
Scope | Claims | Federated registry property |
---|---|---|
profile | name, given_name, picture | displayName, givenName, photoURL |
address | address | postalAddress |
phone | phone_number | telephoneNumber |
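The following audit helper is an added example, not IBM's code: it overlays the maps found in a server.xml on the defaults in the table above and reports which federated registry property each claim reachable from an access token's scopes would disclose. It assumes that overrides are written as attributes on the two subelements and that an override replaces the default claim list for that scope; the sample server.xml is constructed, and the final hop to user registry attributes is not modeled.

```python
import xml.etree.ElementTree as ET

# Defaults copied from the table on this page.
DEFAULT_SCOPE_TO_CLAIMS = {
    "profile": ["name", "given_name", "picture"],
    "address": ["address"],
    "phone": ["phone_number"],
}
DEFAULT_CLAIM_TO_PROPERTY = {
    "name": "displayName", "given_name": "givenName", "picture": "photoURL",
    "address": "postalAddress", "phone_number": "telephoneNumber",
}

# Constructed sample. Assumption: overrides are written as XML attributes
# (scope="claim, claim" and claim="property") on the two subelements.
SAMPLE_SERVER_XML = """
<server>
  <openidConnectProvider id="OP">
    <scopeToClaimMap profile="name, given_name"/>
    <claimToUserRegistryMap name="cn"/>
  </openidConnectProvider>
</server>
"""

def effective_maps(server_xml):
    """Overlay the maps found in server.xml on the defaults."""
    scope_to_claims = {s: list(c) for s, c in DEFAULT_SCOPE_TO_CLAIMS.items()}
    claim_to_property = dict(DEFAULT_CLAIM_TO_PROPERTY)
    provider = ET.fromstring(server_xml).find("openidConnectProvider")
    if provider is not None:
        for elem in provider.findall("scopeToClaimMap"):
            for scope, claims in elem.attrib.items():
                # Assumption: an override replaces the scope's default claims.
                scope_to_claims[scope] = [c.strip() for c in claims.split(",") if c.strip()]
        for elem in provider.findall("claimToUserRegistryMap"):
            claim_to_property.update(elem.attrib)
    return scope_to_claims, claim_to_property

def exposed_properties(token_scopes, server_xml):
    """Map each claim reachable from the token's scopes to its registry property."""
    scope_to_claims, claim_to_property = effective_maps(server_xml)
    exposed = {}
    for scope in token_scopes.split():
        for claim in scope_to_claims.get(scope, []):  # unmapped scope: no claims
            exposed[claim] = claim_to_property.get(claim)  # None: no property mapped
    return exposed
```

Run it against each scope a client can request to review what user data the UserInfo endpoint releases before you add a custom scope or claim.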
Each of the following steps is optional. The Liberty server defines default scopes, claims, federated registry properties, and default mappings. You need to perform a step only if you want to change a default mapping or define a custom scope or claim.