Claims in Authentication and Authorization

What are Claims?

In the context of authentication and authorization, claims are statements about an entity, such as a user, made by an identity provider (IdP). Claims describe attributes, characteristics, or other properties associated with an entity.

How Claims are Used

Claims are typically packaged into security tokens, such as SAML (Security Assertion Markup Language) tokens or JWTs (JSON Web Tokens). They convey information about the entity's identity and associated permissions.

Importance of Claims

Claims are essential for implementing authentication and authorization processes. Relying parties (e.g., web applications) examine these claims to determine:

  • Whether the user should be granted access

  • The level of access the user should receive

Claims-based authentication and authorization provide a flexible and standardized approach to identity and access management across applications and services.

The assurance level is shared with the relying party as one of the claims in the ID token. In summary, a claim is a piece of asserted information about the authorized end-user.

Essential and Voluntary Claims

Essential Claims

Necessary user information that the relying party must collect to fulfill service obligations to residents.

Voluntary Claims

Additional user details that residents may choose to provide, enabling access to supplementary features offered by the relying party.

Standard OIDC User Claims Supported

When eSignet is integrated with MOSIP IDA, the following standard OIDC user claims are supported:

  • name

  • gender

  • address

  • birthdate

  • email

  • phone_number

  • picture

Note: The list of supported claims is published by the IdP's .well-known openid-configuration discovery endpoint, so a relying party can read it from there rather than hard-coding it.
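The following is an added example, not eSignet or MOSIP code, showing how a relying party would act on the two ideas above: it checks that the claims it asks for are advertised in the discovery document, verifies the ID token before trusting any claim, and then treats missing essential claims as a denial while missing voluntary claims only disable supplementary features. The discovery document, the requested-claims object, the shared HS256 key and the token payload are all constructed fixtures; a real deployment verifies an asymmetric signature against the IdP's JWKS and also validates iss, aud and exp.

```python
import base64, hashlib, hmac, json
# Constructed discovery document (not real eSignet output): a relying party
# reads claims_supported from the IdP's /.well-known/openid-configuration.
DISCOVERY = {"claims_supported": ["name", "gender", "address", "birthdate",
                                  "email", "phone_number", "picture"]}

# Constructed OIDC "claims" request parameter: essential claims are needed to
# deliver the service, voluntary ones only unlock supplementary features.
REQUESTED = {"id_token": {"name": {"essential": True},
                          "birthdate": {"essential": True},
                          "email": None, "picture": None}}   # voluntary

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def unsupported_claims(requested, discovery):
    """Requested claims the IdP does not advertise in discovery."""
    return sorted(set(requested["id_token"]) - set(discovery["claims_supported"]))

def make_token(payload, key):
    """Test fixture only: mint an HS256 ID token the way a stub IdP would."""
    head = b64url(b'{"alg":"HS256","typ":"JWT"}')
    body = b64url(json.dumps(payload).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verify_token(token, key):
    """Return the claims only if the signature verifies, else None. Assumption:
    HS256 with a shared key so this runs offline; see the lead-in for production."""
    head, body, sig = token.split(".")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        return None
    return json.loads(b64url_decode(body))

def evaluate(claims, requested):
    """Missing essential claims deny access; missing voluntary claims only
    disable the supplementary features that depend on them."""
    wanted = requested["id_token"]
    missing = [c for c in wanted if c not in claims]
    essential = [c for c in missing if (wanted[c] or {}).get("essential")]
    return {"access": not essential, "missing_essential": essential,
            "missing_voluntary": [c for c in missing if c not in essential],
            "acr": claims.get("acr")}   # assurance level is itself a claim

KEY = b"constructed-shared-key"   # placeholder, test fixture only
ID_TOKEN = make_token({"sub": "resident-1", "name": "A. Resident", "birthdate":
                       "1990-01-01", "acr": "constructed-acr-level"}, KEY)
```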

Supported Values in Application Properties

The following properties in application-default.properties hold the supported values:

mosip.esignet.discovery.key-values=

mosip.esignet.openid.scope.claims=
