How does OIDC handle identity claims and user attributes? What role does the ID Token play in this process?
OIDC uses the ID Token to package identity claims and user attributes, which are requested by the RP through the scope parameter. This token is a secure way to convey this information from the IDP to the RP, enabling the RP to identify the user, personalize their experience, and provide access to protected resources.
1 Like
OIDC can handle identity claims and user attributes using OpenID Connect (OIDC) authentication protocol. There is standard claims. Standard claims are intended to provide an application with user details, such as name, email, and picture, and are pre-defined for the OIDC protocol. These claims are returned in an ID Token and are also available through the /userinfoendpoint.
There is custom claim which are claims that you define, control, and add to a token using Auth0 Actions.
1 Like
The ID token is a security token that includes claims regarding the authentication of the user by the authorization server with the use of an OAuth client application. The ID token may also include other requested claims. It is created on the authorization server’s side to encode the user’s authentication information. Unlike access tokens intended to be consumed by the resource server, ID tokens are intended to be consumed by the third-party application.
1 Like
@Deependra015 Thank you
1 Like
@Hong Thank you! I’ll take a look at this.
1 Like