cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <>
Subject [jira] [Commented] (FEDIZ-203) Support "roles" scope
Date Tue, 11 Jul 2017 09:08:00 GMT


Sergey Beryozkin commented on FEDIZ-203:

Hi Jan just to follow up on the whole scopes/claims issue.
I've retried a CXF jaxrs/basic_oidc demo, it displays an id token returned from a Google OIDC
service, I can see "email", "name", "first_name", "given_name" and "locale", alongside other
claims like "issuer", etc, without the CXF demo code specifying any related scopes or claims
parameter values.
The other point I'd like to make is that using the scopes as opposed to the "claims" parameter
to get some extra cliams is really not about saying the "claims" is redundant or using the
scopes is equivalent but about requesting at what point of time these extra properties are
returned - given that the scopes are about giving the permissions to a client app the user
is interacting with. For example, if you check that section further you'll see that if some
specific scopes related to the extraction of the extra claims are set then they will have
to be returned from UserInfo for a code flow case, not in the immediate IdToken. We do not
really enforce it and I'd say it is not a big deal - but IMHO we really need to do a more
involved discussion first about it all....


> Support "roles" scope
> ---------------------
>                 Key: FEDIZ-203
>                 URL:
>             Project: CXF-Fediz
>          Issue Type: New Feature
>          Components: OIDC
>            Reporter: Jan Bernhardt
>            Assignee: Jan Bernhardt
>             Fix For: 1.4.1
>         Attachments: cxf.patch, fediz.patch
> OIDC currently only supports role claims if they are requested as "claims" but not via
"scope". Goal of this jira issue is to add support for a "roles" scope.

This message was sent by Atlassian JIRA

View raw message