Question
The requirements for the UserInfo End Point are specified in OIDC section 5.3. This includes the specification:
Data Holders MUST support a UserInfo End Point.
In OIDC section 5.3.2, there is the statement:
For privacy reasons, OpenID Providers MAY elect to not return values for some requested Claims.
Which claim other than "sub" is mandatory?
Assuming first and last name are to be included, do the values in the response need to be captured at the time of consent creation, or should they be fetched in real time? For example, last name may change, due to marriage, between the time of consent and the current date.
Answer
For mandatory claims, if not otherwise specified in the Consumer Data Standards, refer to the OIDC normative standard.
First and last name should be fetched in real time.
See:
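The following sketch is an added example, not code from the Consumer Data Standards or from this page. It shows a UserInfo response builder that always returns `sub`, reads the name claims from the live customer record at request time rather than from a snapshot taken at consent, and omits any claim that is withheld or has no value, as OIDC section 5.3.2 recommends, instead of returning it as null. The names `Consent`, `userinfo_response` and the sample directory are hypothetical.

```python
from dataclasses import dataclass

NAME_CLAIMS = ("given_name", "family_name")  # standard OIDC claim names


@dataclass
class Consent:
    """Hypothetical consent record held by the Data Holder."""
    sub: str                   # subject identifier issued for this consent
    customer_id: str           # internal key into the customer directory
    granted_claims: frozenset  # claims the consumer authorised
    names_at_consent: dict     # snapshot kept for audit only, never served


def userinfo_response(consent, directory, withheld=frozenset()):
    """Build the UserInfo claims for one consent.

    `directory` is the live customer store (assumed here to be a dict);
    `withheld` lists claims the provider elects not to return.
    """
    response = {"sub": consent.sub}  # sub is always returned
    profile = directory.get(consent.customer_id, {})
    for claim in NAME_CLAIMS:
        if claim not in consent.granted_claims or claim in withheld:
            continue
        value = profile.get(claim)   # read at request time, not from snapshot
        if value:                    # omit missing or empty claims entirely
            response[claim] = value
    return response


if __name__ == "__main__":
    # Constructed sample data: the family name changes after consent is given.
    directory = {"cust-001": {"given_name": "Alex", "family_name": "Nguyen"}}
    consent = Consent(
        sub="sub-7f3a",
        customer_id="cust-001",
        granted_claims=frozenset(NAME_CLAIMS),
        names_at_consent=dict(directory["cust-001"]),
    )
    directory["cust-001"]["family_name"] = "Tran"
    print(userinfo_response(consent, directory))
    print(userinfo_response(consent, directory, withheld=frozenset({"given_name"})))
```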