In OAuth there is a concept of a default scope, that the server can issue to the client when nothing else is requested.
This article describes how to use the default scope together with a set of default claims.
In the Curity Identity Server the default scope is defined as the empty string "". This means that the default scope is always present. All clients always receive the default scope. Simply because any string always contains the empty string "".
From a claims perspective this means that it’s possible to define a set of claims that always will be issued, and depending on the mapper will be present in tokens for each client.
If there exists a set of claims that should always be present for any client (if mapped) they could be considered default claims and mapped on the default scope.
The benefit of mapping claims to the default scope is that the client doesn’t have to request any particular scope to receive these claims. They will never be forgotten.
All APIs in the organization need the
subscriber-id claim for any request being made on a user’s behalf. Instead of adding
subscriber-id to all scopes, the admin can add it to the default scope, and it will always be issued.
Let’s Stay in Touch!
Get the latest on identity management, API Security and authentication straight to your inbox.