Table of Contents
Introduction
As described in the guide to Set up an OIDC Credential Verifier, claims from JSON-LD terms in the Credential need to be mapped to OIDC Claims used in the ID Token.
Common terms
Below is a list of the standard OIDC claims and their JSON-LD equivalent terms from https://schema.org
.
These mappings can be pasted into the payload when setting up an OIDC Credential Verifier.
"claimMappings": [{"jsonLdFqn": "http://schema.org/givenName","oidcClaim": "given_name"},{"jsonLdFqn": "http://schema.org/familyName","oidcClaim": "family_name"},{"jsonLdFqn": "http://schema.org/name","oidcClaim": "name"},{"jsonLdFqn": "http://schema.org/alternateName","oidcClaim": "nickname"},{"jsonLdFqn": "http://schema.org/image","oidcClaim": "picture"},{"jsonLdFqn": "http://schema.org/mainEntityOfPage","oidcClaim": "profile"},{"jsonLdFqn": "http://schema.org/email","oidcClaim": "email"},{"jsonLdFqn": "http://schema.org/gender","oidcClaim": "gender"},{"jsonLdFqn": "http://schema.org/birthDate","oidcClaim": "birthdate"},{"jsonLdFqn": "http://schema.org/knowsLanguage","oidcClaim": "locale"},{"jsonLdFqn": "http://schema.org/telephone","oidcClaim": "phone_number"},{"jsonLdFqn": "http://schema.org/address","oidcClaim": "address"}]
Custom terms
Any other claim from the Credential can be mapped. The OpenID Connect recommendation is to name-space custom claims so as to avoid any collision with standard claims, current or future.
As the platform only supporst schema.org as a data vocabulary currently, name-spacing with this domain is logical, alternatively any unique value like your host domain is valid.
The jsonLdFqn
value must be an exact match for a fully-expanded JSON-LD Subject claim in the Credential, otherwise it will be ignored during credential issue.
"claimMappings": [{"jsonLdFqn": "http://schema.org/alumniOf","oidcClaim": "schema.org/alumni_of"}]
The entire list of JSON-LD terms can be accessed directly and used to look-up the exact @id to use in the
fqnJsonLd
claim mappings. In particular note thehttp
protocol vshttps
.