Claims & Scopes
Learn how claims and scopes can be used for standards-based authorization.
Articles
Scopes vs Claims
A short explanation of the differences between scopes and claims.
Centralizing Identity Data
How the claims infrastructure can be used to centralize the identity data.
Using Claims in APIs
How to create a claims-based architecture for APIs and microservices.
Default Scopes
How to use the default scope with a set of default claims.
Introduction to Claims
What are Claims and how are they used.
The Claims Authority
What is a Claims Authority.
Consent and Claims
The relationship between Consent and Claims.
Scopes, Claims and the Client
Thinking about claims from a client perspective.
Claims Explained
Scopes, claims, tokens and everything in between.
Introduction to Scopes
Scopes and their relation to claims.
Videos
Salesforce Claims Provider
Developer How-to's
Custom Claim Data Source
Developer How-to's
Claims Mapper
Developer How-to's
Claims Consentor Demo
Demos
Jacob Has a Horse, Says Travis – a Tale of Truths In a Microservice Architecture
Live presentations
OAuth Claims Ontology: Using Claims in OAuth and How They Relate to Scopes
Live presentations
A claim is statement that a particular entity has a particular property. In authentication, we usually think of claims as assertions about a user, as asserted by the Identity Provider. Claims are critical to reach the highest level in the API Security Maturity model. When designing a token-based architecture, it's important to understand how identity data is passed around. Claims provide a fundamental means for how to trust that the data is valid and true. A scope is a grouping of claims. In OAuth, a scope is defined as a string that may represent a resource the Client requests access to. The Scope is what gives access to APIs (with a valid token). But Scopes are also what gives access to claims.