Docs
Capabilities
Credential verification
OIDC claims mapping

Credential to OIDC claims mapping

As described in the guide to setup an OIDC Credential Verifier, claims from JSON-LD terms in the credential need to be mapped to OIDC Claims used in the ID Token.

Below is a list of the standard OIDC claims (opens in a new tab) and their JSON-LD equivalent terms from https://schema.org. These mappings can be copy and pasted into the payload when setting up an OIDC Credential Verifier.

JSON
 "claimMappings": [
    {
        "jsonLdFqn": "http://schema.org/givenName",
        "oidcClaim": "given_name"
    },
    {
        "jsonLdFqn": "http://schema.org/familyName",
        "oidcClaim": "family_name"
    },
    {
        "jsonLdFqn": "http://schema.org/name",
        "oidcClaim": "name"
    },
    {
        "jsonLdFqn": "http://schema.org/alternateName",
        "oidcClaim": "nickname"
    },
    {
        "jsonLdFqn": "http://schema.org/image",
        "oidcClaim": "picture"
    },
    {
        "jsonLdFqn": "http://schema.org/mainEntityOfPage",
        "oidcClaim": "profile"
    },
    {
        "jsonLdFqn": "http://schema.org/email",
        "oidcClaim": "email"
    },
    {
        "jsonLdFqn": "http://schema.org/gender",
        "oidcClaim": "gender"
    },
    {
        "jsonLdFqn": "http://schema.org/birthDate",
        "oidcClaim": "birthdate"
    },
    {
        "jsonLdFqn": "http://schema.org/knowsLanguage",
        "oidcClaim": "locale"
    },
    {
        "jsonLdFqn": "http://schema.org/telephone",
        "oidcClaim": "phone_number"
    }
]

The OIDC Bridge only maps credential terms to strings in the OIDC ID Token, therefore the default OIDC Address claim (opens in a new tab) is not supported at this time.

Custom claims

Any other claim from the Credential can be mapped. The OpenID Connect recommendation is to name-space custom claims so as to avoid any collision with standard claims, current or future.

As only schema.org (opens in a new tab) is currently supported as a data vocabulary, name-spacing with this domain is logical, alternatively any unique value like your host domain is valid.

The jsonLdFqn value must be an exact match for a fully-expanded JSON-LD Subject claim in the Credential, otherwise it will be ignored during credential issue.

JSON
"claimMappings": [
    {
        "jsonLdFqn": "http://schema.org/alumniOf",
        "oidcClaim": "schema.org/alumni_of"
    }
]
PresentationSelf Service Portal