See OIDC section 5 for full reference.
The OAuth 2.0 Client decides which claims to request. Currently, only requesting claims using scope values is supported. End-users may consent to a subset of requested claims, unless marked as essential claims.
Supported scopes and claims
Scope | Presence | Claim | Description |
---|---|---|---|
openid | REQUIRED | sub | A pairwise pseudonymous identifier for the natural person. Can be correlated with subsequent requests by the relying party, for example to enable the end-user to log back in later to a previously created account. Cannot be correlated across relying parties. |
com.cleverbase.proof | OPTIONAL | com.cleverbase.proof | A JSON array of JSON objects with id, content_type and base64_encoded_content fields. Example: [ { "id": "consent", "content_type": "application/xml", "base64_encoded_content": "..." }, { "id": "assertion", "content_type": "application/xml", "base64_encoded_content": "..." } ] |
com.cleverbase.personal_info | OPTIONAL | given_name, com.cleverbase.last_name, birthdate, com.cleverbase.nationality, com.cleverbase.birthplace | Personal info of the end-user, as present in the identity document. |
| | OPTIONAL | email, email_verified | End-user’s preferred email address and whether it’s verified. |
com.cleverbase.id_number | OPTIONAL | com.cleverbase.id_number, com.cleverbase.document.type | Document number of the passport or ID card and type used during registration. |
com.cleverbase.nl_brp_name | OPTIONAL | com.cleverbase.nl_brp_voornaam, com.cleverbase.nl_brp_voorvoegsel, com.cleverbase.nl_brp_geslachtsnaam, com.cleverbase.nl_brp_geslachtsnaam_zonder_voorvoegsel | Claim names based on BRP (Basis Registratie Personen) definitions. |
com.cleverbase.id_document_issuance_info | OPTIONAL | com.cleverbase.id_document_issuance_date, com.cleverbase.id_document_issuance_place | ID Document place and date of issuance. |
Omitting claims
When claims are requested by the client but cannot be shared, the fields will be omitted from the id_token and userinfo response, in line with OpenID Connect Specification 3.3.3.6. This means that clients SHOULD expect that not all requested claims are present in the id_token and userinfo response.
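
A relying party can check a userinfo (or decoded id_token) payload against the scopes it requested and handle omitted claims explicitly instead of assuming they are present. The following is an added example, not code from this documentation or its provider; the function names and the sample payload are assumptions made for illustration.

```python
import base64
import binascii

# Scope -> claims, copied from the table above (subset; email row has no scope on the page).
SCOPE_CLAIMS = {
    "openid": ["sub"],
    "com.cleverbase.proof": ["com.cleverbase.proof"],
    "com.cleverbase.personal_info": [
        "given_name", "com.cleverbase.last_name", "birthdate",
        "com.cleverbase.nationality", "com.cleverbase.birthplace"],
    "com.cleverbase.id_number": [
        "com.cleverbase.id_number", "com.cleverbase.document.type"],
}
REQUIRED = {"sub"}  # the only claim the table marks REQUIRED


def missing_claims(requested_scopes, claims):
    """Return {scope: [claims absent from the response]}; raise if a REQUIRED claim is absent."""
    missing = {}
    for scope in requested_scopes:
        absent = [c for c in SCOPE_CLAIMS.get(scope, []) if c not in claims]
        if REQUIRED.intersection(absent):
            raise ValueError(f"required claim missing for scope {scope}")
        if absent:
            missing[scope] = absent
    return missing


def decode_proof(claims):
    """Decode com.cleverbase.proof into {id: (content_type, bytes)}; {} when the claim is omitted."""
    out = {}
    for item in claims.get("com.cleverbase.proof", []):
        try:
            raw = base64.b64decode(item["base64_encoded_content"], validate=True)
            out[item["id"]] = (item["content_type"], raw)
        except (KeyError, TypeError, binascii.Error) as exc:
            raise ValueError("malformed proof entry") from exc
    return out


# Constructed sample response: birthdate, birthplace and the id_number claims were omitted.
SAMPLE = {
    "sub": "constructed-pairwise-id",
    "given_name": "Alex",
    "com.cleverbase.last_name": "Example",
    "com.cleverbase.nationality": "NL",
    "com.cleverbase.proof": [{"id": "consent", "content_type": "application/xml",
                              "base64_encoded_content": "PGNvbnNlbnQvPg=="}],
}
```

A client that needs a particular claim for a decision (for example the document number) should treat its absence in the returned mapping as a reason to stop that flow, not fall back to a default value.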