Documentation

StandardClaims

Standard claims defined in "5.1. Standard Claims" of OpenID Connect Core 1.0.

Tags
see
https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims

OpenID Connect Core 1.0, 5.1. Standard Claims

Table of Contents

ADDRESS  = 'address'
End-User's preferred postal address. The value of the "address" member is a JSON [RFC 4627] structure containing some or all of the members defined in Section 5.1.1.
BIRTHDATE  = 'birthdate'
End-User's birthday, represented as an ISO 8601:2004 "YYYY-MM-DD" format. The year MAY be "0000", indicating that it is omitted. To represent only the year, "YYYY" format is allowed.
EMAIL  = 'email'
End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 addr-spec syntax. The RP MUST NOT rely upon this value being unique, as discussed in Section 5.7.
EMAIL_VERIFIED  = 'email_verified'
True if the End-User's e-mail address has been verified; otherwise false. When this Claim Value is "true", this means that the OP took affirmative steps to ensure that this e-mail address was controlled by the End-User at the time the verification was performed. The means by which an e-mail address is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating.
FAMILY_NAME  = 'family_name'
Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.
GENDER  = 'gender'
End-User's gender. Values defined by this specification are "female" and "male". Other values MAY be used when neither of the defined values are applicable.
GIVEN_NAME  = 'given_name'
Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.
LOCALE  = 'locale'
End-User's locale, represented as a BCP47 [RFC 5646] language tag.
MIDDLE_NAME  = 'middle_name'
Middle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.
NAME  = 'name'
End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.
NICKNAME  = 'nickname'
Casual name of the End-User that may or may not be the same as the "given_name". For instance, a "nickname" value of "Mike" might be returned alongside a "given_name" value of "Michael".
PHONE_NUMBER  = 'phone_number'
End-User's preferred telephone number. E.164 is RECOMMENDED as the format of this Claim, for example, "+1 (425) 555-1212" or "+56 (2) 687 2400". If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 extension syntax, for example, "+1 (604) 555-1234;ext=5678".
PHONE_NUMBER_VERIFIED  = 'phone_number_verified'
True if the End-User's phone number has been verified; otherwise false. When this Claim Value is "true", this means that the OP took affirmative steps to ensure that this phone number was controlled by the End-User at the time the verification was performed. The means by which a phone number is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating.
PICTURE  = 'picture'
URL of the End-User's profile picture. This URL MUST refer to an image file (for example, a PNG, JPEG, or GIF image file), rather than to a Web page containing an image. Note that this URL SHOULD specifically reference a profile photo of the End-User suitable for displaying when describing the End-User, rather than an arbitrary photo taken by the End-User.
PREFERRED_USERNAME  = 'preferred_username'
Shorthand name by which the End-User wishes to be referred to at the RP, such as "janedoe" or "j.doe". This value MAY be any valid JSON string including special characters such as '@', '/', or whitespace. The RP MUST NOT rely upon this value being unique, as discussed in Section 5.7.
PROFILE  = 'profile'
URL of the End-User's profile page. The contents of this Web page SHOULD be about the End-User.
SUB  = 'sub'
Subject - Identifier for the End-User at the Issuer.
UPDATED_AT  = 'updated_at'
Time the End-User's information was last updated. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
WEBSITE  = 'website'
URL of the End-User's Web page or blog. This Web page SHOULD contain information published by the End-User or an organization that the End-User is affiliated with.
ZONEINFO  = 'zoneinfo'
String from zoneinfo time zone database representing the End-User's time zone. For example, "Europe/Paris" or "America/Los_Angeles".

Constants

ADDRESS

End-User's preferred postal address. The value of the "address" member is a JSON [RFC 4627] structure containing some or all of the members defined in Section 5.1.1.

public string ADDRESS = 'address'

BIRTHDATE

End-User's birthday, represented as an ISO 8601:2004 "YYYY-MM-DD" format. The year MAY be "0000", indicating that it is omitted. To represent only the year, "YYYY" format is allowed.

public string BIRTHDATE = 'birthdate'

Note that depending on the underlying platform's date related function, providing just year can result in varying month and day, so the implementers need to take this factor into account to correctly process the dates.

EMAIL

End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 addr-spec syntax. The RP MUST NOT rely upon this value being unique, as discussed in Section 5.7.

public string EMAIL = 'email'

EMAIL_VERIFIED

True if the End-User's e-mail address has been verified; otherwise false. When this Claim Value is "true", this means that the OP took affirmative steps to ensure that this e-mail address was controlled by the End-User at the time the verification was performed. The means by which an e-mail address is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating.

public string EMAIL_VERIFIED = 'email_verified'

FAMILY_NAME

Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.

public string FAMILY_NAME = 'family_name'

GENDER

End-User's gender. Values defined by this specification are "female" and "male". Other values MAY be used when neither of the defined values are applicable.

public string GENDER = 'gender'

GIVEN_NAME

Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.

public string GIVEN_NAME = 'given_name'

LOCALE

End-User's locale, represented as a BCP47 [RFC 5646] language tag.

public string LOCALE = 'locale'

This is typically an ISO 639-1 Alpha-2 language code in lowercase and an ISO 3166-1 Alpha-2 country code in uppercase, separated by a dash. For example, "en-US" or "fr-CA". As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, "en_US"; Relying Parties MAY choose to accept this locale syntax as well.

MIDDLE_NAME

Middle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.

public string MIDDLE_NAME = 'middle_name'

NAME

End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.

public string NAME = 'name'

NICKNAME

Casual name of the End-User that may or may not be the same as the "given_name". For instance, a "nickname" value of "Mike" might be returned alongside a "given_name" value of "Michael".

public string NICKNAME = 'nickname'

PHONE_NUMBER

End-User's preferred telephone number. E.164 is RECOMMENDED as the format of this Claim, for example, "+1 (425) 555-1212" or "+56 (2) 687 2400". If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 extension syntax, for example, "+1 (604) 555-1234;ext=5678".

public string PHONE_NUMBER = 'phone_number'

PHONE_NUMBER_VERIFIED

True if the End-User's phone number has been verified; otherwise false. When this Claim Value is "true", this means that the OP took affirmative steps to ensure that this phone number was controlled by the End-User at the time the verification was performed. The means by which a phone number is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating.

public string PHONE_NUMBER_VERIFIED = 'phone_number_verified'

When true, the "phone_number" Claim MUST be in E.164 format and any extensions MUST be represented in RFC 3966 format.

PICTURE

URL of the End-User's profile picture. This URL MUST refer to an image file (for example, a PNG, JPEG, or GIF image file), rather than to a Web page containing an image. Note that this URL SHOULD specifically reference a profile photo of the End-User suitable for displaying when describing the End-User, rather than an arbitrary photo taken by the End-User.

public string PICTURE = 'picture'

PREFERRED_USERNAME

Shorthand name by which the End-User wishes to be referred to at the RP, such as "janedoe" or "j.doe". This value MAY be any valid JSON string including special characters such as '@', '/', or whitespace. The RP MUST NOT rely upon this value being unique, as discussed in Section 5.7.

public string PREFERRED_USERNAME = 'preferred_username'

PROFILE

URL of the End-User's profile page. The contents of this Web page SHOULD be about the End-User.

public string PROFILE = 'profile'

SUB

Subject - Identifier for the End-User at the Issuer.

public string SUB = 'sub'

UPDATED_AT

Time the End-User's information was last updated. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.

public string UPDATED_AT = 'updated_at'

WEBSITE

URL of the End-User's Web page or blog. This Web page SHOULD contain information published by the End-User or an organization that the End-User is affiliated with.

public string WEBSITE = 'website'

ZONEINFO

String from zoneinfo time zone database representing the End-User's time zone. For example, "Europe/Paris" or "America/Los_Angeles".

public string ZONEINFO = 'zoneinfo'

Search results