OAuth2 & OpenID Connect Deep Dive · Lesson

Claims Request and aggregated Claims

Learn how OpenID Connect lets clients request specific claims with the claims parameter, and how distributed and aggregated claims deliver assertions from external sources.

Requesting Specific Claims

Beyond scopes like profile or email, OIDC offers a finer-grained claims request parameter. It lets a client ask for individual claims and target where they appear: in the ID token or from UserInfo.

The claims Parameter Shape

The claims parameter is a JSON object with two top-level members: id_token and userinfo. Each maps claim names to a value describing how they are requested.

{
  "id_token": { "auth_time": { "essential": true } },
  "userinfo": { "email": null, "email_verified": null }
}

All lessons in this course

Dynamic Client Registration
OIDC Discovery Endpoint
Session Management
Claims Request and aggregated Claims

← Back to OAuth2 & OpenID Connect Deep Dive