Keys, not values, that express the privileges of the client, not of the user
Requested by the client
Authorized by the AS
Examples: read, openid, user_invoice_update, etc.
Sometimes consented to by the user (useful in third-party client integrations)
key:value items (user attributes) within the token
Asserted by the issuer; each one claims a truth about the subject
Used for fine-grained access control
subject=jacob
age=42 # claim 1
profession=identity geek # claim 2
workplace=cutiry # claim 3
subscription_level=gold # claim 4
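
The split described above, as an added example that is not code from the original page: a resource server first checks the client's granted keys (OAuth scopes such as user_invoice_update), then uses the claims for the fine-grained decision. The token is assumed to be already validated and decoded; the function names, the invoice records and the gold-subscription rule are hypothetical.

```python
# Added example: hypothetical resource-server check, not the page's own code.
# Assumes the token was already validated (signature, issuer, expiry) and decoded.

def has_scope(token: dict, required: str) -> bool:
    """Exact match against the space-delimited scope string (RFC 6749, section 3.3)."""
    granted = token.get("scope", "")
    if not isinstance(granted, str):
        return False  # unexpected shape: fail closed
    # Split first: a substring test would let "user_invoice_update_all"
    # satisfy a check for "user_invoice_update".
    return required in granted.split()


def may_update_invoice(token: dict, invoice: dict) -> tuple:
    """Return (allowed, reason) for an invoice update request."""
    # Coarse check: was the *client* granted this privilege at all?
    if not has_scope(token, "user_invoice_update"):
        return False, "client lacks scope user_invoice_update"
    # Fine-grained checks: claims state who the *subject* is and what they hold.
    if token.get("subject") != invoice["owner"]:
        return False, "subject does not own this invoice"
    if token.get("subscription_level") != "gold":  # constructed policy rule
        return False, "subscription level too low"
    return True, "ok"


# Constructed sample data reusing the claim values shown above.
TOKEN = {
    "scope": "openid user_invoice_update",
    "subject": "jacob",
    "age": 42,
    "subscription_level": "gold",
}
INVOICE_OWN = {"id": 1, "owner": "jacob"}
INVOICE_OTHER = {"id": 2, "owner": "alice"}

if __name__ == "__main__":
    print(may_update_invoice(TOKEN, INVOICE_OWN))
    print(may_update_invoice(TOKEN, INVOICE_OTHER))
    print(has_scope({"scope": "user_invoice_update_all"}, "user_invoice_update"))
```

The scope alone never says whose invoice may be touched; that decision comes from the claims.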