OpenID Connect Integration

Attributes

These are the attributes/claims our OpenID Provider (OP) can provide to a Relying Party (RP) currently:

This is a maturing service and at this stage only supports a subset of attributes/claims. For attribute requirements outside this range, please contact us to discuss.

Supported Scopes Claims
openid Returns the subclaim, which uniquely identifies the user. In an ID Token, iss, aud, exp, iat, and at_hash claims will also be present.
profile Returns claims that represent basic profile information, including name, family_name, given_name, and preferred_username.
email Returns the email claim, which contains the user's email address
phone Returns the phone_number of the user. Not many AAF IdPs will return this value.
aueduperson Returns the users au_edu_person_shared_token value
eduperson_affiliation Returns the users eduperson_affiliation value
eduperson_assurance Returns the users eduperson_assurance value
eduperson_orcid Returns the users eduperson_orcid value
eduperson_principal_name Returns the users eduperson_principal_name value
eduperson_scoped_affiliation Returns the users eduperson_scoped_affiliation value
schac_home_organization Returns the users schac_home_organization value
home_organization Returns the users o value


A claim for a user will only be provided if their home organisation provides the specific attribute. For example most universities will not provide phone numbers for their users.