The following is a list of the supported scopes and claims for the OIDC protocol.
Standard Claims
|
Scope |
Claim(s) |
Data Source / Description |
Visibility |
|
openid |
sub |
berkeleyEduKerberosPrincipalString (default, can be overriden) |
|
|
iss |
Issuer of the response (URL) |
||
|
aud |
Audience that the ID token is itended for. Same as client_id |
||
|
exp |
Expiration time of the ID token |
||
|
iat |
Time at which the JWT was issued. |
||
|
profile |
family_name |
||
|
given_name |
|||
|
name |
|||
|
preferred_username |
|||
|
|
|
private |
Custom Claims
|
Scope |
Claim(s) |
Data Source |
Visibility |
|
berkeley_edu_default |
uid |
||
|
affiliations |
|||
|
groups |
|||
|
berkeley_edu_groups |
groups |
berkeleyEduIsMemberOf |
|
|
berkeley_edu_dept_number |
department_number |
||
|
berkeley_edu_employee_id |
employee_id |
private |
|
|
berkeley_edu_cs_id |
cs_id |
private |
|
|
berkeley_edu_student_id |
student_id |
private |
|
|
berkeley_edu_ou |
ou |