OpenID Connect scopes
Besides the authorization scopes that are formed by resources and permissions (as explained in Resources and permissions), Goiabada supports typical OpenID Connect scopes.
Available OIDC scopes
| OIDC scope | Description |
|---|---|
| openid | Will include an id_token in the token response, with the subject identifier (sub claim) |
| profile | Access to claims: name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, and updated_at |
| email | Access to claims: email, email_verified |
| address | Access to the address claim |
| phone | Access to claims: phone_number and phone_number_verified |
| groups | Access to the list of groups the user belongs to |
| attributes | Access to the attributes assigned to the user by an admin, stored as key-value pairs |
| offline_access | Access to a refresh token of the type Offline, allowing the client to obtain a new access token without requiring immediate user interaction |
Example usage
When making an authorization request, include the scopes you need:

```
GET /auth/authorize?
  client_id=my-app&
  redirect_uri=https://my-app.com/callback&
  response_type=code&
  scope=openid profile email groups&
  code_challenge=...&
  code_challenge_method=S256
```

The claims corresponding to the requested scopes will be available in the ID token and via the /userinfo endpoint.
Scope to claims mapping
When you request a scope, the following claims become available:

| Scope | Claims in ID token / UserInfo response |
|---|---|
| openid | sub (always included) |
| profile | name, given_name, middle_name, family_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at |
| email | email, email_verified |
| address | address (structured object with formatted, street_address, locality, region, postal_code, country) |
| phone | phone_number, phone_number_verified |
| groups | groups (array of group identifiers) |
| attributes | attributes (key-value map of custom attributes) |
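
A client can use the mapping above to confirm that it receives only the claims its requested scopes allow, which keeps scope requests minimal. The following is an added example, not Goiabada's own code. The function name `UnrequestedClaims` and the sample payload are assumptions made for illustration, and the payload is assumed to be an already verified and decoded ID token or UserInfo response.

```go
package main

import (
	"fmt"
	"strings"
)

// Scope-to-claims table from this page, in table order.
var table = []struct{ scope, claims string }{
	{"openid", "sub"},
	{"profile", "name given_name middle_name family_name nickname preferred_username " +
		"profile picture website gender birthdate zoneinfo locale updated_at"},
	{"email", "email email_verified"},
	{"address", "address"},
	{"phone", "phone_number phone_number_verified"},
	{"groups", "groups"},
	{"attributes", "attributes"},
}

// UnrequestedClaims lists, in table order, the claims in a decoded ID token
// or UserInfo payload whose scope is missing from the requested scope string.
// Claims the table does not mention (iss, aud, exp, ...) are ignored.
func UnrequestedClaims(scope string, payload map[string]interface{}) []string {
	asked := map[string]bool{}
	for _, s := range strings.Fields(scope) {
		asked[s] = true
	}
	extra := []string{}
	for _, row := range table {
		if asked[row.scope] {
			continue
		}
		for _, c := range strings.Fields(row.claims) {
			if _, present := payload[c]; present {
				extra = append(extra, c)
			}
		}
	}
	return extra
}

func main() {
	// Constructed payload for illustration, not real server output.
	payload := map[string]interface{}{
		"iss": "https://idp.example", "sub": "user-1",
		"email": "a@example.com", "groups": []string{"ops"}, "phone_number": "+15550100",
	}
	fmt.Println(UnrequestedClaims("openid profile email", payload)) // [phone_number groups]
}
```

A non-empty result means the response carries personal data the client never asked for, which is worth logging and investigating before the data is stored.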