Versions Compared

Old Version 3

changes.mady.by.user Antti Kallio

Saved on

compared with

New Version 4

changes.mady.by.user Antti Kallio

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In addition to the standard OpenID Connect claims (listed here: http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims) onePortal supports some additional custom claims. If they are requested in the original authentication request, the corresponding response values are included either in the ID token or in the /userinfo resource, depending on the request (http://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter).The claim names are formatted as URIs to provide a common private namespace.

List of claims

Since service version 3.2 the list of custom claims can be accessed via the OpenID Connect client configuration user interface. It will list the scopes and claims that are usable on your specific service installation. You can find out the connections between scopes and claims as well.

Image AddedImage Added



Pre-3.2 service version

The claims available before service version 3.2 are listed here

Custom claim nameDescriptionTypeExampleSinceGranted also with scope
https://oneportal.trivore.com/claims/consentsUser consent information.JSON object


Code Block
languagejs
{
 "profiling":true,
 "locationing":true,
 "marketingOther":true,
 "marketingEmail":true,
 "marketingMobileMessage":true,
 "marketingPhone":true,
 "marketingPost":true,
 "marketingPushNotification":true,
}


2.8.4https://oneportal.trivore.com/scope/consent.readonly
https://oneportal.trivore.com/claims/groupsArray of group names user is a member of.JSON array


["admins", "users"]



https://oneportal.trivore.com/scope/groups.readonly
https://oneportal.trivore.com/claims/namespaceNamespace codeString"admin"2.8.1Always granted since 2.8.2.
https://oneportal.trivore.com/claims/strong_identification

User's strong identification status. How has the user been strongly identified. The response object has the following fields:

  • identified: Always present, boolean value, has the user been strongly identified
  • time: Present if available, when was user last identified, in ISO-8601 datetime format with timezone
  • method: Present if available, how was user last identified. Possible values: SUOMI_FI, IN_PERSON. SUOMI_FI includes eIDAS identifications.
JSON object

Code Block
languagejs
{
 "identified": true,
 "time":"2011-12-03T10:15:30Z",
 "method":"SUOMI_FI"
}




https://oneportal.trivore.com/claims/legal_locality

User's legal home city or locality name and code. The response object has the following fields:

  • names: Present if available. A map of 2-character language codes to locality names.
  • code: Present if available. The legal code string of locality.
JSON object


Code Block
languagejs
{
 "names":{
  "fi":"Turku",
  "sv":"Åbo"
 },
 "code":"853"
}



https://oneportal.trivore.com/scope/legalinfo.readonly
https://oneportal.trivore.com/claims/legal_names

User's legal names. The response object may have some of the following fields:

  • calling_name
  • first_names
  • last_name
JSON object


Code Block
languagejs
{
 "calling_name": "Matti",
 "first_names": "Matti Aapeli",
 "last_name":"Meikäläinen"
}


2.8.2https://oneportal.trivore.com/scope/legalinfo.readonly
https://oneportal.trivore.com/claims/minorUser's 'minor' status. Is user a minor? The exact age limit is not specified so the client must make the determination based on their use case.Booleannull, true or false
profile
https://oneportal.trivore.com/claims/personal_id_code

User's personal ID code. The information is sourced from either:

  • Legal info (received from suomi.fi or similar government authority service)
  • Manually performed strong identification (driver's license or other document manually verified)
String"170675-123A"
https://oneportal.trivore.com/scope/legalinfo.readonly
https://oneportal.trivore.com/claims/student

User's student status information. The response object has some of the following fields:

  • state: Student state, one of:
    • fullTime,
    • partTime,
    • notStudent,
    • forbidden, (not allowed to ask from remote source)
    • unknown
  • student_from: Date when user became a student. Not returned if unknown.
  • student_to: Date when user stops being a student. Not returned if unknown.
  • updated: Timestamp when student status was last updated. Not returned if unknown or never updated.
  • last_query_success: Boolean. True if last query from original source was successful. If false, the student information was not updated and may be stale. Client may use the previously known user information if it is not too old, or show an error message to the user if necessary, and try again later. Since 2.8.5.
  • last_query_error: If last_query_success was false, this string contains the known error message. It may be useful for debugging. Since 2.8.5.
JSON object


Code Block
languagejs
{
"state":"fullTime",
"student_from":"2018-06-01",
"student_until":"2018-12-31",
"updated":"2018-10-04T11:26:50.153Z",
"last_query_success":true,
"last_query_error": ""
}


2.8.0https://oneportal.trivore.com/scope/studentinfo.readonly
https://oneportal.trivore.com/claims/tagsUser's tags. Provides an array of string values.JSON array


Code Block
["customer","2019"]


3.2profile

...