In addition to the standard OpenID Connect claims (listed here: http://openid.net/specs/openid-connect-core-1_0.html#StandardClaims) onePortal supports some additional custom claims. If they are requested in the original authentication request, the corresponding response values are included either in the ID token or in the /userinfo resource, depending on the request (http://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter).
The claim names are formatted as URIs to provide a common private namespace.
...
| Code Block | ||
|---|---|---|
| ||
{
"profiling":true,
"locationing":true,
"marketingOther":true,
"marketingEmail":true,
"marketingMobileMessage":true,
"marketingPhone":true,
"marketingPost":true,
"marketingPushNotification":true,
} |
...
|
...
User's strong identification status. How has the user been strongly identified. The response object has the following fields:
- identified: Always present, boolean value, has the user been strongly identified
- time: Present if available, when was user last identified, in ISO-8601 datetime format with timezone
- method: Present if available, how was user last identified. Possible values: SUOMI_FI, IN_PERSON. SUOMI_FI includes eIDAS identifications.
...
| Code Block | ||
|---|---|---|
| ||
{
"identified": true,
"time":"2011-12-03T10:15:30Z",
"method":"SUOMI_FI"
} |
...
User's legal home city or locality name and code. The response object has the following fields:
- names: Present if available. A map of 2-character language codes to locality names.
- code: Present if available. The legal code string of locality.
...
| Code Block | ||
|---|---|---|
| ||
{
"names":{
"fi":"Turku",
"sv":"Åbo"
},
"code":"853"
} |
...
User's legal names. The response object may have some of the following fields:
- calling_name
- first_names
- last_name
...
| Code Block | ||
|---|---|---|
| ||
{
"calling_name": "Matti",
"first_names": "Matti Aapeli",
"last_name":"Meikäläinen"
} |
...
User's personal ID code. The information is sourced from either:
- Legal info (received from suomi.fi or similar government authority service)
- Manually performed strong identification (driver's license or other document manually verified)
...
User's student status information. The response object has some of the following fields:
state: Student state, one of:fullTime,partTime,notStudent,forbidden, (not allowed to ask from remote source)unknown
student_from: Date when user became a student. Not returned if unknown.student_to: Date when user stops being a student. Not returned if unknown.updated: Timestamp when student status was last updated. Not returned if unknown or never updated.last_query_success: Boolean. True if last query from original source was successful. If false, the student information was not updated and may be stale. Client may use the previously known user information if it is not too old, or show an error message to the user if necessary, and try again later. Since 2.8.5.last_query_error: If last_query_success was false, this string contains the known error message. It may be useful for debugging. Since 2.8.5.
...
| Code Block | ||
|---|---|---|
| ||
{
"state":"fullTime",
"student_from":"2018-06-01",
"student_until":"2018-12-31",
"updated":"2018-10-04T11:26:50.153Z",
"last_query_success":true,
"last_query_error": ""
} |
...
| Code Block |
|---|
["customer","2019"] |
...
List of claims
The list of custom claims can be accessed via the OpenID Connect client configuration user interface.
...
It will list the scopes and claims that are usable on your specific service installation. You can find out the connections between scopes and claims as well.
...