Claims & Scopes
Learn how claims and scopes can be used for standards-based authorization.
A claim is statement that a particular entity has a particular property. In authentication, we usually think of claims as assertions about a user, as asserted by the Identity Provider. Claims are critical to reach the highest level in the API Security Maturity model. When designing a token-based architecture, it's important to understand how identity data is passed around. Claims provide a fundamental means for how to trust that the data is valid and true. A scope is a grouping of claims. In OAuth, a scope is defined as a string that may represent a resource the Client requests access to. The Scope is what gives access to APIs (with a valid token). But Scopes are also what gives access to claims.
Claims Best Practices
Best practices for implementing claims. Learn how to issue custom claims step by step.
Scope Best Practices
Best practices for designing OAuth scopes in real world systems and managing them at scale. Discover how to perform API Authorization using Scopes.
Using Vectors of Trust
Vectors of Trust is a specification that provides a method for describing an identity transaction to determine a level of trust.
Default Scopes
Discover how to use the default scope with a set of default claims.
Selective Disclosure for JWTs (SD-JWT)
Selective disclosure is the ability to select which data within a signed document to disclose to a counterpart compared to sharing all data at once. This article describes SD-JWT, a format that allows for selectively disclosing parts of a signed JWT.
Consent and Claims
Learn how consent relates to claims in the authorization process.
What is a Claims Authority?
A brief overview of what a claims authority is and what role it plays in the process of issuing claims.
Centralizing Identity Data
An enterprise has many clients that require data of a user's identity. How can the claims infrastructure be used to sustain all parts of an organization?
Scopes, Claims and the Client
This article breaks down the different aspects of claims and scopes from a client perspective. We discuss tokens and claims, requesting and receiving claims.
Using Claims in APIs
Learn how to create a claims-based architecture for APIs and microservices.
Designing Claims
This article provides an overview of the claims ontology. Scopes, claims, tokens and how they are related in the authentication system.
Scopes Explained
Learn what scopes are, their role in authorization, and how to handle them properly as well as the difference between OAuth scopes and OpenID Connect scopes.
Claims Explained
When designing a token-based architecture, it's vital to know how identity data is handled in the system. Learn how Claims are used during authentication.
Scopes vs Claims
In OAuth and OpenID Connect, scopes and claims are common concepts. This article looks at the main differences between the two.
How-tos
Implementing Impersonation
Learn how to implement an Impersonation Flow
EdDSA Signatures in Tokens
Learn how to configure and sign tokens with EdDSA keys
Verified Claims and Identity Assurance
A tutorial showing how to use verified claims and identity assurance in the Curity Identity Server.
Implementing Token Exchange
How to take finer control over access tokens using token exchange and token procedures
Implementing Custom Claims
Curity's Identity specialists provide a tutorial and video showing how to implement a use case where custom claims are included in access tokens.
Adding Claims from Authentication
How to use the authenticated subject claims provider to get attributes from the authentication as claims in tokens.
Working With Claims
How to configure claims using Claim Value Providers and how to test providing values to claims.
Custom Token Issuer
How to use client properties to invoke custom token issuers on a per client basis.
Token Designer Overview
How to manage scopes, claims and token contents using the Token Designer feature.
Videos
