Claims

Scopes

  • Keys (names), not values: they express what the client application is allowed to do, not what the user is allowed to do

  • Requested by the client

  • Authorized by the AS (authorization server), which decides which of the requested scopes the client actually gets

  • Examples: read, openid, user_invoice_update, etc.

  • Sometimes consented to by the user (useful for third-party client integrations, where the user decides what a client may access on their behalf)

Claims

  • key:value items (typically user attributes) carried inside the token

  • Asserted by the issuer: each one states something the issuer claims to be true about the subject, so it is only trustworthy after the token's signature, issuer and audience have been verified

  • Used for fine-grained access control (per-subject decisions, which scopes alone cannot express)

subject=jacob
age=42 # claim 1
profession=identity geek # claim 2
workplace=curity # claim 3
subscription_level=gold # claim 4
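The following is an added example, not code from the original page or from any product it describes, showing the two layers in working code: the resource server first verifies the token, then checks a scope (what the client was authorized to do) and only then applies a claim-based rule (what this subject may do). It assumes a hypothetical HS256 shared secret, issuer and audience, the space-delimited `scope` claim convention, and an invented business rule (invoice updates above 10000 require `subscription_level=gold`); the `sub` claim plays the role of `subject` in the slide.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example values for a toy issuer and API; not real credentials.
SECRET = b"example-shared-secret-not-for-production"
ISSUER = "https://idsvr.example.com"
AUDIENCE = "invoice-api"


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims):
    """Issuer side: sign (HS256) the claims the issuer asserts about the subject."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token, now=None):
    """Resource server side: signature, issuer, audience and expiry are checked
    before any claim in the payload is trusted."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") != "HS256":
        # The verifier pins the algorithm; the token never gets to choose it.
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, (parts[0] + "." + parts[1]).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(parts[1]))
    now = int(time.time()) if now is None else now
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def has_scope(claims, scope):
    # Scopes are keys only: presence in the space-delimited list is the whole check.
    return scope in claims.get("scope", "").split()


def can_update_invoice(claims, invoice_owner, amount):
    """Scope check (client privilege) first, then claim checks (subject privilege)."""
    if not has_scope(claims, "user_invoice_update"):
        return False  # the AS never authorized this client for the operation
    if claims.get("sub") != invoice_owner:
        return False  # subject-level rule driven by the 'sub' claim
    if amount > 10000 and claims.get("subscription_level") != "gold":
        return False  # fine-grained rule on a user attribute (hypothetical threshold)
    return True


def demo():
    """Mint a token for the slide's subject and evaluate a few requests."""
    claims = {
        "iss": ISSUER, "aud": AUDIENCE, "sub": "jacob", "exp": 2_000_000_000,
        "scope": "openid read user_invoice_update",
        "age": 42, "profession": "identity geek", "workplace": "curity",
        "subscription_level": "gold",
    }
    verified = verify_token(mint_token(claims), now=1_900_000_000)
    return {
        "small_update": can_update_invoice(verified, "jacob", 500),
        "large_update": can_update_invoice(verified, "jacob", 20000),
        "other_users_invoice": can_update_invoice(verified, "alice", 500),
    }


if __name__ == "__main__":
    print(demo())
```

Note that `age`, `profession` and `workplace` ride along in the token but are never consulted by the rule above: a claim being present does not make it an authorization decision, the resource server decides which claims matter for which operation.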
