In this document you will learn how OpenID Connect scope and claims work with Ory OAuth2 and OpenID Connect. It will also cover
the default setup of Ory, which uses Ory Identities for logging in and the Ory Account Experience for getting user consent. This
setup supports the
profile OpenID Connect scopes.
The default setup of Ory OAuth2 and OpenID Connect
By default, Ory OAuth2 and OpenID Connect use Ory Identities to handle login. It also uses the Ory Account Experience to ask for
user consent. This setup supports the
profile scopes as defined by OpenID Connect.
email scope works
profile scope works
profile scope, the system uses traits associated with a user. Here's how they map:
identity.traits.usernameis used for the
identity.traits.websiteis used for the
identity.updated_atis used for the
Also, the name field can be a string or an object:
identity.traits.nameis a string, it is used for the
identity.traits.nameis an object,
traits.name.lastare used for the
Making Custom Scopes and Claims
Ory allows you to customize scopes and claims. To do this, you can set up a custom consent UI. This way, you can adjust your identity management process to fit your needs. For more information, check out the Ory Consent UI Documentation.