Archived 2023.09.04. Content moved to CDS Guide, Guidance on Profile Scope
Question
In CDS Scopes and Claims, the profile-related claims name
, given_name
, family_name
and updated_at
are in the list of claims that must be supported.
Under CDS Tokens, there is a statement that the ID Token returned from the Authorisation End Point MUST NOT contain any Personal Information (PII) claims.
- Does this mean that the profile-related claims listed above must be returned at the User Info Endpoint as well as in the
ID_Token
returned in response to a Token Endpoint request? - How is the
updated_at
claim intended to be used by the client?
Answer
- Yes, the profile-related claims listed above must be returned at the User Info Endpoint as well as in the
ID_Token
returned in response to a Token Endpoint request. - The
updated_at
claim aligns with thelastUpdateTime
field in the payload returned from the customer end point. It can be used by the ADR in any way they wish but would presumably be useful in determining the relative accuracy of the data in the customer profile.
See:
Comments
0 comments
Please sign in to leave a comment.