Version: 8.2405.x.x RR

Requesting claims

As described in the previous chapter, the claims have to be requested in the SecToken instead of the OpenID access token. They have to be placed into the "openid.claims.requested" field in the SecToken. With this parameter, we can request that specific claims be returned by the UserInfo service. It is represented as a JSON object containing a list of claims that are requested to be returned in the response. The claims request contains only the list of the requested claims; it does not contain the top-level members such as "userinfo" and "id_token" described in the OpenID documentation.

Only normal claims are supported. Aggregated and distributed claims are not supported by the nevisIDM UserInfo service.

An example claims request:

{
  "sub": "248289761001",
  "name": "Jane Doe",
  "given_name": "Jane",
  "family_name": "Doe",
  "email": "[email protected]"
}

nevisIDM processes only the keys of the JSON object; the values are ignored. The keys determine which claims the response will contain. For example, for the claims request in the previous example, the response will contain only the sub, name, given_name, family_name and email claims.

The response will contain a claim only if the corresponding user attribute is set in nevisIDM. For example, if the user does not have an e-mail address in nevisIDM, the response will not contain the "email" claim, even though it was requested.

The claims request is optional. If no specific claims are requested, the response will contain all supported claims.

Supported claims

The following table contains the standard claims supported by the nevisIDM UserInfo service.

| Claim | Type | Corresponding user attributes in nevisIDM | Description |
|---|---|---|---|
| address | JSON object | combination of the address attributes | The postal address of the user. The members are defined in the next chapter. |
| birthdate | string | birthDate | The user's birth date, represented in "yyyy-mm-dd" format. |
| email | string | email | E-mail address of the user. |
| family_name | string | name | Last name of the user. |
| gender | string | sex | The user's gender. The possible values are "female" and "male". |
| given_name | string | firstName | First name of the user. |
| preferred_username | string | loginId | The login ID of the user. |
| locale | string | - | The user's locale represented in "en-US" format, where the first two characters are language codes in lowercase, the second two characters are country codes in uppercase. |
| name | string | concatenation of title, firstName and name attributes | The user's full name, including his title. |
| phone_number | string | telephone | The phone number of the user. |
| sub | string | extid | Identifier of the user. It is always returned by the service; there is no need to request it explicitly. |
| updated_at | number | ctlModDat | The time of the last update of the user. Its value is a number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time. |
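The request rules and the supported-claims table above, as an added example (not nevisIDM code): a client-side helper that builds a minimal "openid.claims.requested" value and predicts which claims come back. The function names, the use of null values, and the client-side rejection of unsupported names are assumptions of this sketch.

```python
import json

# Standard claims listed in the supported-claims table on this page.
SUPPORTED_CLAIMS = frozenset({
    "address", "birthdate", "email", "family_name", "gender", "given_name",
    "preferred_username", "locale", "name", "phone_number", "sub", "updated_at",
})
# Top-level members of a standard OIDC claims parameter; the page says the
# SecToken field must not contain them.
OIDC_WRAPPERS = ("userinfo", "id_token")


def build_claims_request(claims):
    """Return JSON text for the "openid.claims.requested" field (hypothetical helper).

    `claims` is an iterable of claim names, or a dict whose keys are used.
    """
    names = list(claims)
    wrapped = [n for n in names if n in OIDC_WRAPPERS]
    if wrapped:
        raise ValueError(f"top-level members not allowed here: {wrapped}")
    # Client-side check (assumption): refuse names outside the table, which
    # also catches the _claim_names/_claim_sources members used by
    # aggregated and distributed claims.
    unknown = sorted(set(names) - SUPPORTED_CLAIMS)
    if unknown:
        raise ValueError(f"claims not in the supported table: {unknown}")
    # The service ignores values, so send null instead of copying user data
    # into the token (assumption: any JSON value is accepted).
    return json.dumps({n: None for n in dict.fromkeys(names)})


def expected_claims(request_json, attributes_set):
    """Predict the claims in the response.

    `attributes_set` holds the claim names whose user attribute has a value
    (constructed input for this sketch).
    """
    if request_json:
        requested = set(json.loads(request_json))
    else:
        requested = set(SUPPORTED_CLAIMS)  # no request: all supported claims
    requested.add("sub")                   # always returned by the service
    return sorted(c for c in requested if c == "sub" or c in attributes_set)
```

Requesting only the claims a relying party needs keeps unneeded user attributes out of the response; leaving the request out returns every supported claim that is set.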

Address claim

The Address claim represents the address information of the user. The following table contains the supported address attributes of the Address claim.

| Claim | Type | Corresponding user attributes in nevisIDM | Description |
|---|---|---|---|
| country | string | country | The name of the user's country. |
| formatted | string | Composed from the address attributes in the following format: addressline1, addressline2, street, houseNumber, dwellingNumber, postOfficeBoxNumber, postOfficeBoxText, locality, city, postalcode, country | Full mailing address, formatted for display or use on a mailing label. Newlines are represented as a single line feed character ("\n"). |
| locality | string | city | The city of the user. |
| postal_code | string | postalCode | The postal code of the user. |
| region | string | locality | The locality of the user. |
| street_address | string | Composed from the address attributes in the following format: addressline1, addressline2, street, houseNumber, dwellingNumber, postOfficeBoxNumber, postOfficeBoxText | Full street address component, which may include house number, street number, post office box. Newlines are represented as a single line feed character ("\n"). |