Consent Claims Value Provider

The Consent claims provider returns consent-related data based on the authenticated user’s authorization decisions. This allows downstream systems to understand what access has been explicitly granted by the user and enforce consent-based authorization policies.

Use Cases#

The Consent claims value provider enables consent-aware authorization and privacy compliance scenarios.

Common use cases include:

• Consent Tracking: Include consent information in tokens to track which scopes and permissions the user has explicitly approved for specific clients
• Privacy Compliance: Support GDPR and other privacy regulations by providing verifiable records of user consent decisions within tokens
• Delegated Access Control: Enable fine-grained authorization by including claims about what specific resources or data the user has consented to share
• Consent Revocation: Facilitate consent management by including consent metadata that downstream systems can use to enforce current consent status
• Audit and Transparency: Provide detailed consent information in tokens for audit trails that demonstrate user authorization and consent workflows

Getting Started#

To create a Consent claims value provider, sign in to the Admin UI and navigate to Profiles → Token Service → Scopes → Claims Providers.

Select + New Claims Value Provider, give the provider a unique identifier and choose the Consent type.

The provider retrieves consent information for the authenticated user when tokens are issued.

Available Attributes#

The Consent claims value provider returns:

• Consent decisions and approval status for requested scopes
• Information about delegated access permissions granted by the user
• Consent metadata such as when consent was granted and for which client