From: Krzysztof B. <kb...@un...> - 2022-03-07 14:31:33
Hi,

On 01.03.2022 at 17:06, Krzysztof Benedyczak wrote:
> Hi,
>
> On 01.03.2022 at 09:46, Sander Apweiler wrote:
>> Good morning,
>>
>> a short addition. It is not only the oidc-agent which has a problem
>> with the token size. EUDAT B2SAFE has it as well because they use the
>> token as password in iRODS and this has also limitations in size.
>>
>> And yes the most problems for switching the scopes would be for the
>> users of the oidc-agent. Because all others set them once.
>
> So maybe after all a proprietary request flag saying "add all claims
> to JWT AT"? Proprietary, but also dead simple and addressing your use
> cases in a direct way.

Sander, any opinions here?

Wrt Marcus' proposal, the name of the parameter can be "scopes_at" (or alike). That said, I'm very doubtful whether this should go inside the 'claims' request parameter. Which, as the spec says, is to request individual claims, and it would be counterintuitive to use it for specifying which scopes should go to AT (and we would need to support the base spec, which is kinda "ton of work and no one will use it").

Best,
Krzysztof