OIDC scopes
10Duke Enterprise supports the following scopes for client API authorization.
10Duke Enterprise uses the scopes requested by the client to determine the user attributes to be included when the client requests for OpenID Connect (OIDC) UserInfo or an ID token.
The scopes with the prefix https://apis.10duke.com in the name are custom claims in 10Duke Enterprise, and the others are standard OpenID Connect (OIDC) scope claims.
Standard OIDC scopes
| Scope | Description |
|---|---|
openid |
The scope for enabling OIDC. |
profile |
The scope for requesting the standard OIDC profile claims. |
email |
The scope for requesting the email and email_verified claims. |
address |
The scope for requesting the address claim. |
phone |
The scope for requesting the phone_number claim. (The phone_number_verified claim is not supported.) |
Custom scopes
| Scope | Description |
|---|---|
https://apis.10duke.com/auth/openidconnect/organization |
The custom scope for requesting the organization claim. |
https://apis.10duke.com/auth/openidconnect/user.properties |
The custom scope for requesting the user_properties claim. |
https://apis.10duke.com/auth/openidconnect/client_permissions |
The custom scope for requesting the client_permissions claim. |