Enabling Standard Claims and Scopes

Chris Ickes edited this page Nov 16, 2016 · 1 revision

Enabling Standard Claims & Scopes for OpenID Connect

OpenID Connect declares a few Standard Claims, as well as a few Scope values and their corresponding Claims.
To use these Standard Claims and Scopes, you must enable the Scopes and define the Standard Claims.

Enabling Scopes

Scopes must be enabled before they can be used. They can be enabled in two places:

  1. For each individual authorized app
  2. For all apps using Doorkeeper

Enable Scope for an Individual App

When authorizing the app (POST /oauth/authorize), add a space-separated list of the scopes you would like included.
Ex: openid profile email
This is a more difficult way of enabling scopes and likely requires access to the database.

Enable Scope for All Apps using Doorkeeper

In the Doorkeeper initializer, add config for your desired scopes:

Doorkeeper.configure do
  default_scopes :openid
  optional_scopes :profile, :email, :address, :phone
end

Note: Scopes set for an individual app override all scopes set in the initializer.
For example, if an individual app's scopes are openid only, it will not be able to access the email scope even though the initializer sets it as an optional scope.

Defining Standard Claims

Define standard claims in a claims block inside the doorkeeper_openid_connect.rb initializer. You will need to assign values based upon your specific User model. Here is a simple example for a few claims.

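Doorkeeper::OpenidConnect.configure do
  claims do
    # Each block receives the resource owner (your User model) and
    # returns the value for that claim.
    normal_claim :email do |resource_owner|
      resource_owner.email
    end

    # Build the full name from the model's own name attributes.
    normal_claim :name do |resource_owner|
      [resource_owner.first_name, resource_owner.last_name].join(' ')
    end
  end
end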
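
An added example, not part of the original page and not Doorkeeper's own code: a simplified Ruby model of the scope handling described above, in which an app's own scope list replaces the initializer's and only claims tied to granted scopes are released. The scope-to-claim table follows OpenID Connect Core 1.0, section 5.4; the method names and the sample user are constructed for illustration.

```ruby
# Scope -> claims mapping from OpenID Connect Core 1.0, section 5.4.
SCOPE_CLAIMS = {
  'profile' => %w[name family_name given_name middle_name nickname
                  preferred_username profile picture website gender
                  birthdate zoneinfo locale updated_at],
  'email'   => %w[email email_verified],
  'address' => %w[address],
  'phone'   => %w[phone_number phone_number_verified]
}.freeze

# Mirrors the initializer on this page: default_scopes plus optional_scopes.
INITIALIZER_SCOPES = %w[openid profile email address phone].freeze

# Constructed sample resource owner, already rendered as claim values.
USER_CLAIMS = {
  'sub'          => '1001',
  'email'        => 'alice@example.test',
  'name'         => 'Alice Example',
  'phone_number' => '+1 555 0100'
}.freeze

# Scopes an app may be granted. Per the note above, a scope list stored on
# the app replaces the initializer's list instead of adding to it.
def allowed_scopes(app_scopes)
  list = app_scopes.to_s.split
  list.empty? ? INITIALIZER_SCOPES : list
end

# Split a space-separated scope request into [granted, rejected].
# The caller can refuse the request when the rejected list is non-empty.
def grant(requested, app_scopes)
  allowed = allowed_scopes(app_scopes)
  requested.to_s.split.uniq.partition { |scope| allowed.include?(scope) }
end

# Release only the claims covered by granted scopes. Without the openid
# scope this is not an OpenID Connect request, so nothing is released.
def released_claims(user_claims, granted)
  return {} unless granted.include?('openid')

  names = ['sub'] + granted.flat_map { |scope| SCOPE_CLAIMS.fetch(scope, []) }
  user_claims.select { |name, _value| names.include?(name) }
end
```

With the app restricted to openid, a request for `openid profile email` yields only `sub`; with no app-level list, the same user's `email` is released when the email scope is requested.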