Authentication Subject Claims Value Provider
The Authentication Subject claims value provider uses attributes from the authenticated user's subject. This provider accesses basic user information like username that authenticators collect during the authentication flow, enabling tokens to include identity data gathered at login time.
The Authentication Subject claims provider retrieves claims from the authentication subject attributes established during user authentication. These attributes represent the user’s identity as captured by authenticators, distinct from stored profile data or computed values.
Use Cases#
The Authentication Subject claims value provider enables token issuance scenarios that require identity information collected during authentication.
Common use cases include:
- Username Claims: Include the username or login identifier in tokens for user identification and display purposes
- Authentication Attributes: Add attributes that authenticators collected during login, such as email addresses used for authentication or security questions answered
- Identity Verification Data: Include attributes that verify the user’s identity, such as verified email addresses or phone numbers from authentication flows
- Multi-Factor Attributes: Access attributes related to multi-factor authentication, such as which factors the user employed during login
- Lightweight Identity: Provide basic identity claims without querying external user stores, improving token issuance performance for simple scenarios
Getting Started#
To create an Authentication Subject claims value provider, sign in to the Admin UI and navigate to Profiles → Token Service → Scopes → Claims Providers.
Select + New Claims Value Provider, give the provider a unique identifier and choose the Authentication Subject type.
The provider automatically accesses the authentication subject when tokens are issued. No external connections or additional configuration is required.
Available Attributes#
The Authentication Subject claims value provider can expose attributes that authenticators set during the authentication flow. Common attributes include:
userName— The username or login identifier used during authenticationsubject— The subject identifier for the authenticated user- Additional attributes depending on the authenticator type and configuration
The Authentication Subject claims value provider only returns attributes that authenticators set during the authentication flow. The available attributes depend on which authenticators the user employed and what information they collected.