OpenID Scopes - kmd-identity/documentation GitHub Wiki
An OpenID application can request an id_token and an access_token by specifying the following scopes:
Scope | Requirement | Description |
---|---|---|
openid | Required | This scope is inherent to OpenID. Without it, no id_token is returned (only an access_token). |
allatclaims | Optional | Includes all claims from the access_token in the id_token. |
Additional API scopes can be requested, depending on which scopes have been set up on your API. The default scope for an API is called user_impersonation. When requesting a scope for your API, you must supply the identifier of the API combined with the scope.
An example:
Identifier (audience) of API: urn:kmd-identity-test-application-api.prod
Scope: user_impersonation
The full scope for the API in the request to KMD Identity is: urn:kmd-identity-test-application-api.prod/user_impersonation
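
The Python sketch below is an added example, not part of the KMD Identity documentation. It composes the scope value described above and places it in a standard OpenID Connect authorization-code request. The endpoint, client ID, redirect URI, the choice of the code flow and all helper names are assumptions made for illustration.

```python
import secrets
from urllib.parse import urlencode

def api_scope(api_identifier, scope="user_impersonation"):
    """Full API scope: identifier (audience) + "/" + scope name."""
    for part in (api_identifier, scope):
        if not part or any(ch.isspace() for ch in part):
            # Scopes are space-delimited in the request; whitespace would split the value.
            raise ValueError(f"invalid scope component: {part!r}")
    return f"{api_identifier}/{scope}"

def scope_param(api_scopes, id_token=True, all_claims=False):
    """Space-delimited scope value: openid, optional allatclaims, then API scopes."""
    if all_claims and not id_token:
        # allatclaims copies claims into the id_token, which is only issued with openid.
        raise ValueError("allatclaims requires openid")
    scopes = (["openid"] if id_token else []) + (["allatclaims"] if all_claims else [])
    for s in api_scopes:
        if s not in scopes:             # drop duplicates, keep order
            scopes.append(s)
    if not scopes:
        raise ValueError("no scopes requested")
    return " ".join(scopes)

def authorize_url(endpoint, client_id, redirect_uri, scope):
    """Authorization-code request URL; returns (url, state, nonce) for later validation."""
    state = secrets.token_urlsafe(16)   # compared with the state returned on the callback
    nonce = secrets.token_urlsafe(16)   # compared with the nonce claim in the id_token
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,                 # urlencode escapes ':' and '/' and the spaces
        "state": state,
        "nonce": nonce,
    })
    return f"{endpoint}?{query}", state, nonce

if __name__ == "__main__":
    full = api_scope("urn:kmd-identity-test-application-api.prod")
    url, state, nonce = authorize_url(
        "https://identity.example/authorize",   # hypothetical endpoint
        "example-client-id",                     # hypothetical client ID
        "https://app.example/callback",          # hypothetical redirect URI
        scope_param([full], all_claims=True),
    )
    print(url)
```

Keep the returned state and nonce in the user's session so the callback and the id_token can be checked against them.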