-1

I'm looking into building my own identity provider to handle attributes and would like each attribute to contain additional information such as if the attribute is verified or not. I've noticed that Keycloak have solved it by adding another attribute called e.g. email_verified: true, is this a standard that I should follow as well or would it be fine to represent it (in the ID token) as:

{
    "email": {
        "value": "123@mail.com",
        "verified": true,
        "foo": "bar"
    }
}
user3677636
  • 331
  • 3
  • 14

1 Answers1

1

You can find the specification for the ID-Token here:

https://openid.net/specs/openid-connect-core-1_0.html#CodeIDToken

Then each provider can add their own claims if they want to.

Tore Nestenius
  • 16,431
  • 5
  • 30
  • 40