Common Credential to OIDC Claim mappings

As described in the guide to set up an OIDC Credential Verifier, claims from JSON-LD terms in the credential need to be mapped to OIDC Claims used in the ID Token.

Below is a list of the standard OIDC claims and their JSON-LD equivalent terms from https://schema.org. These mappings can be copy and pasted into the payload when setting up an OIDC Credential Verifier.

json
Copy to clipboard.
1 "claimMappings": [
2    {
3        "jsonLdFqn": "http://schema.org/givenName",
4        "oidcClaim": "given_name"
5    },
6    {
7        "jsonLdFqn": "http://schema.org/familyName",
8        "oidcClaim": "family_name"
9    },
10    {
11        "jsonLdFqn": "http://schema.org/name",
12        "oidcClaim": "name"
13    },
14    {
15        "jsonLdFqn": "http://schema.org/alternateName",
16        "oidcClaim": "nickname"
17    },
18    {
19        "jsonLdFqn": "http://schema.org/image",
20        "oidcClaim": "picture"
21    },
22    {
23        "jsonLdFqn": "http://schema.org/mainEntityOfPage",
24        "oidcClaim": "profile"
25    },
26    {
27        "jsonLdFqn": "http://schema.org/email",
28        "oidcClaim": "email"
29    },
30    {
31        "jsonLdFqn": "http://schema.org/gender",
32        "oidcClaim": "gender"
33    },
34    {
35        "jsonLdFqn": "http://schema.org/birthDate",
36        "oidcClaim": "birthdate"
37    },
38    {
39        "jsonLdFqn": "http://schema.org/knowsLanguage",
40        "oidcClaim": "locale"
41    },
42    {
43        "jsonLdFqn": "http://schema.org/telephone",
44        "oidcClaim": "phone_number"
45    }
46]

The OIDC Bridge only maps credential terms to strings in the OIDC ID Token, therefore the default OIDC Address claim is not supported at this time.

Custom terms

Any other claim from the Credential can be mapped. The OpenID Connect recommendation is to name-space custom claims so as to avoid any collision with standard claims, current or future.

As the platform only supports schema.org as a data vocabulary currently, name-spacing with this domain is logical, alternatively any unique value like your host domain is valid.

The jsonLdFqn value must be an exact match for a fully-expanded JSON-LD Subject claim in the Credential, otherwise it will be ignored during credential issue.

json
Copy to clipboard.
1"claimMappings": [
2    {
3        "jsonLdFqn": "http://schema.org/alumniOf",
4        "oidcClaim": "schema.org/alumni_of"
5    }
6]