Claims & Scopes

Learn how claims and scopes can be used for standards-based authorization.

A claim is a statement that a particular entity has a particular property. In authentication, we usually think of claims as assertions about a user, as asserted by the Identity Provider. Claims are critical to reach the highest level in the API Security Maturity model. When designing a token-based architecture, it's important to understand how identity data is passed around. Claims provide a fundamental means for how to trust that the data is valid and true.

A scope is a grouping of claims. In OAuth, a scope is defined as a string that may represent a resource the Client requests access to. The scope is what gives access to APIs (with a valid token). But scopes are also what give access to claims.

Implementing the Vectors of Trust Method

Vectors of Trust is a specification that provides a method for describing an identity transaction to determine a level of trust.

Implementing Claims Best Practices

Curity's Identity specialists provide a tutorial and video showing how to implement a use case where custom claims are included in access tokens.

Claims Best Practices

Curity's identity specialists provide a tutorial and video showing how to implement a use case where custom claims are included in access tokens.

Scope Best Practices

Best practices for designing OAuth scopes in real world systems and managing them at scale. Discover how to perform API Authorization using Scopes.

Consent and Claims

Learn how consent relates to claims in the authorization process.

Introduction to OAuth Scopes

Discover how to use the default scope with a set of default claims.

What is Claims Authority?

A brief overview of what a claims authority is and what role it plays in the process of issuing claims.

Introduction to Scopes

Learn what scopes are, their role in authorization, and how to handle them properly as well as the difference between OAuth scopes and OpenID scopes.

Claims Explained

This article provides an overview of the claims ontology: scopes, claims, tokens and how they are related in the authentication system.

Using Claims in APIs

Learn how to create a claims-based architecture for APIs and microservices.

Centralizing Identity Data

An enterprise has many clients that require data of a user's identity. How can the claims infrastructure be used to sustain all parts of an organization?

Scopes, Claims and the Client

This article breaks down the different aspects of claims and scopes from a client perspective. We discuss tokens and claims, requesting and receiving claims.

Introduction to Claims

When designing a token-based architecture, it's vital to know how identity data is handled in the system. Learn how Claims are used during authentication.

Scopes vs Claims

In OAuth and OpenID Connect, scopes and claims appear quite often. This short article explains the differences between these two concepts.

Videos

Implementing Claims Best Practices
Salesforce Claims Provider
Custom Claim Data Source
Claims Mapper
Claims Consentor Demo
Jacob Has a Horse, Says Travis – a Tale of Truths In a Microservice Architecture
OAuth Claims Ontology: Using Claims in OAuth and How They Relate to Scopes