Credential to OIDC claims mapping
As described in the guide to setting up an OIDC Credential Verifier, claims from JSON-LD terms in the credential need to be mapped to the OIDC claims used in the ID Token.
Below is a list of the standard OIDC claims and their JSON-LD equivalent terms from https://schema.org. These mappings can be copied and pasted into the payload when setting up an OIDC Credential Verifier.
"claimMappings": [
  {
    "jsonLdFqn": "http://schema.org/givenName",
    "oidcClaim": "given_name"
  },
  {
    "jsonLdFqn": "http://schema.org/familyName",
    "oidcClaim": "family_name"
  },
  {
    "jsonLdFqn": "http://schema.org/name",
    "oidcClaim": "name"
  },
  {
    "jsonLdFqn": "http://schema.org/alternateName",
    "oidcClaim": "nickname"
  },
  {
    "jsonLdFqn": "http://schema.org/image",
    "oidcClaim": "picture"
  },
  {
    "jsonLdFqn": "http://schema.org/mainEntityOfPage",
    "oidcClaim": "profile"
  },
  {
    "jsonLdFqn": "http://schema.org/email",
    "oidcClaim": "email"
  },
  {
    "jsonLdFqn": "http://schema.org/gender",
    "oidcClaim": "gender"
  },
  {
    "jsonLdFqn": "http://schema.org/birthDate",
    "oidcClaim": "birthdate"
  },
  {
    "jsonLdFqn": "http://schema.org/knowsLanguage",
    "oidcClaim": "locale"
  },
  {
    "jsonLdFqn": "http://schema.org/telephone",
    "oidcClaim": "phone_number"
  }
]
The OIDC Bridge only maps credential terms to strings in the OIDC ID Token; the default OIDC Address claim is therefore not supported at this time.
Custom claims
Any other claim from the Credential can be mapped. The OpenID Connect recommendation is to name-space custom claims so as to avoid any collision with standard claims, current or future.
As only schema.org is currently supported as a data vocabulary, name-spacing with this domain is logical; alternatively, any unique value such as your host domain is valid.
The jsonLdFqn value must be an exact match for a fully-expanded JSON-LD Subject claim in the Credential, otherwise it will be ignored during credential issue.
"claimMappings": [
  {
    "jsonLdFqn": "http://schema.org/alumniOf",
    "oidcClaim": "schema.org/alumni_of"
  }
]
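The rules above (exact match on the fully-expanded term, no Address claim, name-spaced custom claims) can be checked before a claimMappings payload is submitted. The following is an added example, not part of the original guide or the platform's own code; the subject_terms input, the "/" test for name-spacing and the sample data are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Mappings listed on this page: standard OIDC claim -> schema.org term.
STANDARD = {
    "given_name": "http://schema.org/givenName",
    "family_name": "http://schema.org/familyName",
    "name": "http://schema.org/name",
    "nickname": "http://schema.org/alternateName",
    "picture": "http://schema.org/image",
    "profile": "http://schema.org/mainEntityOfPage",
    "email": "http://schema.org/email",
    "gender": "http://schema.org/gender",
    "birthdate": "http://schema.org/birthDate",
    "locale": "http://schema.org/knowsLanguage",
    "phone_number": "http://schema.org/telephone",
}

def lint_claim_mappings(mappings, subject_terms):
    # subject_terms: fully-expanded property IRIs present in the credential
    # subject (assumed to come from a JSON-LD expansion step done elsewhere).
    findings, seen = [], set()
    for i, m in enumerate(mappings):
        fqn, claim = m.get("jsonLdFqn", ""), m.get("oidcClaim", "")
        parts = urlsplit(fqn)
        if not (parts.scheme and parts.netloc):
            findings.append((i, "jsonLdFqn is not a fully-expanded IRI"))
        elif fqn not in subject_terms:
            findings.append((i, "jsonLdFqn has no exact match in the credential"))
        if claim == "address":
            findings.append((i, "address is not supported (string claims only)"))
        elif claim in STANDARD and STANDARD[claim] != fqn:
            findings.append((i, "standard claim fed by a term other than the listed one"))
        elif claim not in STANDARD and "/" not in claim:
            # Heuristic (assumption): a name-spaced claim contains a "/".
            findings.append((i, "custom claim is not name-spaced"))
        if claim in seen:
            findings.append((i, "duplicate oidcClaim"))
        seen.add(claim)
    return findings

# Constructed sample input, not taken from a real tenant.
SUBJECT_TERMS = {"http://schema.org/email", "http://schema.org/alumniOf"}
SAMPLE = [
    {"jsonLdFqn": "http://schema.org/email", "oidcClaim": "email"},
    {"jsonLdFqn": "http://schema.org/alumniOf", "oidcClaim": "schema.org/alumni_of"},
    {"jsonLdFqn": "https://schema.org/alumniOf", "oidcClaim": "alumni_of"},
    {"jsonLdFqn": "alumniOf", "oidcClaim": "email"},
]
if __name__ == "__main__":
    for idx, msg in lint_claim_mappings(SAMPLE, SUBJECT_TERMS):
        print(f"claimMappings[{idx}]: {msg}")
```

The third sample entry shows the most common silent failure: an https:// term does not exactly match the http:// term in the credential, so the mapping would be ignored.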