
There are established and popular protocols for identity providers to provide a client with properties about the logged-in user.

For example, in OpenID Connect (OIDC) the client can request access to certain scopes and then read claims about the authenticated user. The use case is the usage of centrally maintained user data, like name, department, e-mail, etc.

I'm looking for a way for the client to write custom properties about the authenticated user back into the identity provider.

Use cases:

  • a client application needs to save some app-specific preferences about the user and
  • a client application enables the user to edit some existing properties that are relevant for other client applications, too

(Yes, it would be trivial to design my own REST-like endpoint for this, but I'm looking for an open standard, in order to make it easier for clients.)

pixelistik

1 Answer


Have a look at System for Cross-domain Identity Management, aka SCIM. This is an out-of-the-box REST API that an IDP should provide, and which should also enable you to save custom attributes against users.

Typically it is called by back end components, which use the client credentials grant to get a separate token with which to call the SCIM endpoint.

Gary Archer
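
The flow described in this answer, as an added example that is not part of the original post: a back-end component builds a client credentials token request and a SCIM PATCH that writes only to the app's own extension attributes. The IdP URLs, scope name, extension schema URN and attribute names are assumptions; the requests are built but not sent.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumptions (not from the original post): endpoints, scope, extension URN.
TOKEN_URL = "https://idp.example.com/oauth/token"
SCIM_BASE = "https://idp.example.com/scim/v2"
SCIM_SCOPE = "scim.users.write"
APP_SCHEMA = "urn:example:params:scim:schemas:extension:myapp:2.0:User"
WRITABLE = {"theme", "locale"}  # only the attributes this app owns
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"


def token_request(client_id, client_secret):
    """Client credentials grant (RFC 6749 section 4.4) with HTTP Basic auth."""
    creds = ":".join(urllib.parse.quote_plus(p) for p in (client_id, client_secret))
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": SCIM_SCOPE})
    return urllib.request.Request(TOKEN_URL, data=body.encode(), method="POST", headers={
        "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
        "Content-Type": "application/x-www-form-urlencoded"})


def patch_request(access_token, user_id, changes):
    """SCIM PATCH (RFC 7644 section 3.5.2) limited to the app's own extension."""
    rejected = set(changes) - WRITABLE
    if rejected:
        # Refuse to touch core attributes (userName, emails, ...) from this client.
        raise ValueError(f"attributes not writable by this client: {sorted(rejected)}")
    ops = [{"op": "replace", "path": f"{APP_SCHEMA}:{name}", "value": value}
           for name, value in sorted(changes.items())]
    payload = {"schemas": [PATCH_OP], "Operations": ops}
    # Percent-encode the id so it cannot change the URL path.
    url = f"{SCIM_BASE}/Users/{urllib.parse.quote(user_id, safe='')}"
    return urllib.request.Request(url, data=json.dumps(payload).encode(), method="PATCH", headers={
        "Authorization": f"Bearer {access_token}",
        "Content-Type": "application/scim+json"})


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    req = patch_request("constructed-token", "2819c223", {"theme": "dark"})
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```
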