# Claims in Authentication and Authorization

## **What are Claims?**

In the context of authentication and authorization, **claims** are statements about an entity, such as a user, made by an **identity provider (IdP)**. Claims describe **attributes, characteristics, or other properties** associated with an entity.

## **How Claims are Used**

Claims are typically packaged into **security tokens**, such as SAML (Security Assertion Markup Language) tokens or JWTs (JSON Web Tokens). They convey information about the entity's **identity** and **associated permissions**.

## **Importance of Claims**

Claims are essential for implementing **authentication and authorization processes**. Relying parties (e.g., web applications) examine these claims to determine:

* Whether the user should be granted access
* The level of access the user should receive

Claims-based authentication and authorization provide a **flexible and standardized** approach to identity and access management across applications and services.

{% hint style="info" %}
The **assurance level** is shared with the relying party as one of the claims in the ID token. In summary, a claim is a **piece of asserted information about the authorized end-user**.
{% endhint %}

## Essential and Voluntary Claims <a href="#essential-and-voluntary-claims" id="essential-and-voluntary-claims"></a>

### **Essential Claims**

Necessary user information that the relying party **must collect** to fulfill service obligations to residents.

### **Voluntary Claims**

Additional user details that residents may choose to provide, enabling access to **supplementary features** offered by the relying party.

### Standard OIDC User Claims Supported <a href="#standard-oidc-user-claims-supported" id="standard-oidc-user-claims-supported"></a>

When eSignet is integrated with MOSIP IDA, the following standard OIDC user claims are supported:

* `name`
* `gender`
* `address`
* `birthdate`
* `email`
* `phone_number`
* `picture`

{% hint style="info" %}
**Note:** The list of supported claims is published at the [***openid-configuration .well-known***](/esignet-authentication/develop/configuration/.well-known/openid-configuration.md) endpoint.
{% endhint %}
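
The following Python sketch is an added example, not code from eSignet or MOSIP. It shows how a relying party could request essential and voluntary claims from the supported list above and then evaluate the userinfo response. The `claims_supported` discovery field and the `claims` request parameter are standard OIDC; the function names, the sample data and the assumption that the deployment accepts the `claims` parameter are illustrative.

```python
import json

# Constructed sample: this page's claim list in the standard OIDC discovery
# field `claims_supported` (assumed to be what the .well-known endpoint returns).
DISCOVERY = {"claims_supported": ["name", "gender", "address", "birthdate",
                                  "email", "phone_number", "picture"]}

def build_claims_request(essential, voluntary, discovery=DISCOVERY):
    """Return the OIDC `claims` request parameter (JSON) for the userinfo response."""
    requested = set(essential) | set(voluntary)
    unsupported = requested - set(discovery["claims_supported"])
    if unsupported:
        raise ValueError(f"not offered by the IdP: {sorted(unsupported)}")
    if set(essential) & set(voluntary):
        raise ValueError("a claim cannot be both essential and voluntary")
    # OIDC Core 5.5.1: {"essential": true} marks an essential claim,
    # null requests a claim in the default (voluntary) manner.
    body = {c: {"essential": True} for c in essential}
    body.update({c: None for c in voluntary})
    return json.dumps({"userinfo": body}, sort_keys=True)

def evaluate_userinfo(userinfo, essential, voluntary):
    """Decide access from the returned claims; keep only what was requested."""
    returned = {k for k, v in userinfo.items() if v not in (None, "")}
    missing = sorted(set(essential) - returned)
    return {
        "allow": "sub" in returned and not missing,  # every essential claim present
        "missing_essential": missing,
        "features": sorted(set(voluntary) & returned),  # optional extras unlocked
        "ignored": sorted(returned - set(essential) - set(voluntary) - {"sub"}),
    }

if __name__ == "__main__":
    essential, voluntary = ["name", "birthdate"], ["email", "phone_number"]
    print(build_claims_request(essential, voluntary))
    # Constructed userinfo response: the user shared email but not phone_number,
    # and the response carries one claim the relying party never asked for.
    sample = {"sub": "constructed-subject-id", "name": "Example User",
              "birthdate": "1990/01/01", "email": "user@example.org",
              "gender": "female"}
    print(evaluate_userinfo(sample, essential, voluntary))
```

Claims listed under `ignored` were returned but never requested, so the relying party should drop them rather than store them.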

### Supported Values in Application Properties <a href="#supported-values-in-application-properties" id="supported-values-in-application-properties"></a>

The following properties in `application-default.properties` hold the supported values:

```properties
mosip.esignet.discovery.key-values=

mosip.esignet.openid.scope.claims=
```


