Claims & Scopes
Learn how claims and scopes can be used for standards-based authorization.
A claim is a statement that a particular entity has a particular property. In authentication, we usually think of claims as assertions about a user, made by the Identity Provider. Claims are critical to reaching the highest level in the API Security Maturity model. When designing a token-based architecture, it's important to understand how identity data is passed around. Claims provide a fundamental means of trusting that the data is valid and true. A scope is a grouping of claims. In OAuth, a scope is defined as a string that may represent a resource the Client requests access to. The scope is what gives access to APIs (with a valid token). But scopes are also what give access to claims.
![Claims Best Practices](/images/resources/architect/claims-best-practices-curity.png)
Claims Best Practices
Best practices for implementing claims. Learn how to issue custom claims step by step.
![Scope Best Practices](/images/resources/architect/the-claims-container-curity.jpg)
Scope Best Practices
Best practices for designing OAuth scopes in real world systems and managing them at scale. Discover how to perform API Authorization using Scopes.
![Using Vectors of Trust](/images/resources/architect/vectors-of-trust-curity.png)
Using Vectors of Trust
Vectors of Trust is a specification that provides a method for describing an identity transaction to determine a level of trust.
![Default Scopes](/images/resources/develop/default-scopes-curity.png)
Default Scopes
Discover how to use the default scope with a set of default claims.
![Consent and Claims](/images/resources/architect/consent-and-claims-curity.png)
Consent and Claims
Learn how consent relates to claims in the authorization process.
![What is a Claims Authority?](/images/resources/architect/what-is-claims-authority-curity.png)
What is a Claims Authority?
A brief overview of what a claims authority is and what role it plays in the process of issuing claims.
![Centralizing Identity Data](/images/resources/use_cases/claims-mapping-curity.png)
Centralizing Identity Data
An enterprise has many clients that require data of a user's identity. How can the claims infrastructure be used to sustain all parts of an organization?
![Scopes, Claims and the Client](/images/resources/develop/claims-and-the-client-curity.png)
Scopes, Claims and the Client
This article breaks down the different aspects of claims and scopes from a client perspective. We discuss tokens and claims, requesting and receiving claims.
![Using Claims in APIs](/images/resources/develop/building-apis-with-claims-curity.png)
Using Claims in APIs
Learn how to create a claims-based architecture for APIs and microservices.
![Designing Claims](/images/resources/architect/claims-explained-curity.png)
Designing Claims
This article provides an overview of the claims ontology. Scopes, claims, tokens and how they are related in the authentication system.
![Scopes Explained](/images/resources/architect/the-claims-container-curity.jpg)
Scopes Explained
Learn what scopes are, their role in authorization, and how to handle them properly as well as the difference between OAuth scopes and OpenID Connect scopes.
![Claims Explained](/images/resources/architect/what-are-claims-curity.jpg)
Claims Explained
When designing a token-based architecture, it's vital to know how identity data is handled in the system. Learn how Claims are used during authentication.
![Scopes vs Claims](/images/resources/architect/scopes-vs-claims-curity.jpg)
Scopes vs Claims
In OAuth and OpenID Connect, scopes and claims are common concepts. This article looks at the main differences between the two.
How-tos
![Implementing Dynamic User Routing](/images/resources/howtos/deploy/dynamic-routing/implementing-dynamic-user-routing.png)
Implementing Dynamic User Routing
An end-to-end how-to for dynamically routing OAuth requests via a reverse proxy.
![Implementing Impersonation](/images/resources/tutorials/advanced/impersonation/impersonation-flow-implementation.jpg)
Implementing Impersonation
Learn how to implement an Impersonation Flow.
![EdDSA Signatures in Tokens](/images/resources/howtos/configuration/eddsa/eddsa-token-signature.png)
EdDSA Signatures in Tokens
Learn how to configure and sign tokens with EdDSA keys.
![Verified Claims and Identity Assurance](/images/resources/howtos/advanced/identity-assurance/curity-article-identity-assurance.png)
Verified Claims and Identity Assurance
![Implementing Custom Claims](/images/resources/architect/implementing-custom-claims.png)
Implementing Custom Claims
Curity's Identity specialists provide a tutorial and video showing how to implement a use case where custom claims are included in access tokens.
![Adding Claims from Authentication](/images/resources/tutorials/advanced/adding-claims.png)
Adding Claims from Authentication
How to use the authenticated subject claims provider to get attributes from the authentication as claims in tokens.
![Working With Claims](/images/resources/howtos/configuration/claims-ui/token-designer.png)
Working With Claims
How to configure claims using Claim Value Providers and how to test providing values to claims.
![Custom Token Issuer](/images/resources/howtos/advanced/custom-token-issuers/token-issuer.png)
Custom Token Issuer
How to use client properties to invoke custom token issuers on a per-client basis.
![Token Designer Overview](/images/resources/howtos/configuration/claims-ui/token-designer.png)
Token Designer Overview
How to manage scopes, claims and token contents using the Token Designer feature.