Skip to content

SpecialClaims

Jump to bottom
Scott Cantor edited this page Feb 16, 2021 · 11 revisions

There are some reserved claims you should not try to define a attribute resolver or filter for. These claims are populated automatically when needed.

Mandatory claims always set to id token.

  • aud
  • iss
  • iat
  • exp

Claims always set to id token.

ACR and Authentication Time are always set to id token. Specification does not mandate this.

  • acr
  • auth_time

Claims set to id token when mandated by specification.

  • at_hash
  • c_hash
  • nonce

Mandatory claims always set to userinfo response when the response is signed.

  • aud
  • iss

(Migrated)

Clone this wiki locally