@@ -2,106 +2,116 @@ See below for the IDP specific claims available. For all IDPs the **Keycloak Gen
22
33## IDIR
44
5- | Description | Standard Realm - Claim Name |
6- | ------------------------------------- | ----------------------------- |
7- | First Name | given_name |
8- | Last Name | family_name |
9- | Email | email |
10- | Display Name | display_name |
11- | Display Name | name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
12- | IDIR Username | idir_username |
13- | IDIR User GUID | idir_user_guid |
14- | Keycloak Generated Preferred Username | preferred_username |
15-
16- * Any other attribute can be fetched by the app itself using [ IDIM Web Services] ( https://sminfo.gov.bc.ca/ )
5+ | Description | Standard Realm - Claim Name |
6+ | ------------------------------------- | ------------------------------------------------------------------------------------ ----------------------------- |
7+ | First Name | given_name |
8+ | Last Name | family_name |
9+ | Email | email |
10+ | Display Name | display_name |
11+ | Display Name | name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
12+ | IDIR Username | idir_username |
13+ | IDIR User GUID | idir_user_guid |
14+ | Keycloak Generated Preferred Username | preferred_username |
15+
16+ - Any other attribute can be fetched by the app itself using [ IDIM Web Services] ( https://sminfo.gov.bc.ca/ )
1717
1818## IDIR MFA
1919
20- | Description | Standard Realm - Claim Name |
21- | ------------------------------------- | ----------------------------- |
22- | First Name | given_name |
23- | Last Name | family_name |
24- | Email | email |
25- | Email | user_principal_name |
26- | Display Name | display_name |
27- | Display Name | name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
28- | IDIR Username | idir_username |
29- | IDIR User GUID | idir_user_guid |
30- | Keycloak Generated Preferred Username | preferred_username |
20+ | Description | Standard Realm - Claim Name |
21+ | ------------------------------------- | ------------------------------------------------------------------------------------ ----------------------------- |
22+ | First Name | given_name |
23+ | Last Name | family_name |
24+ | Email | email |
25+ | Email | user_principal_name |
26+ | Display Name | display_name |
27+ | Display Name | name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
28+ | IDIR Username | idir_username |
29+ | IDIR User GUID | idir_user_guid |
30+ | Keycloak Generated Preferred Username | preferred_username |
3131
3232## Basic BCeID
3333
34- | User Property/Attribute | Standard Realm - Claim Name |
35- | ------------------------------------- | ----------------------------- |
36- | Email | email |
37- | Display Name | display_name |
38- | Display Name | given_name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
39- | Display Name | name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
40- | BCeID Username | bceid_username |
41- | BCeID User GUID | bceid_user_guid |
42- | Keycloak Generated Preferred Username | preferred_username |
34+ | User Property/Attribute | Standard Realm - Claim Name |
35+ | ------------------------------------- | ------------------------------------------------------------------------------------------ ----------------------------- |
36+ | Email | email |
37+ | Display Name | display_name |
38+ | Display Name | given_name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
39+ | Display Name | name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
40+ | BCeID Username | bceid_username |
41+ | BCeID User GUID | bceid_user_guid |
42+ | Keycloak Generated Preferred Username | preferred_username |
4343
4444## Business BCeID
4545
46- | User Property/Attribute | Standard Realm - Claim Name |
47- | ------------------------------------- | ----------------------------- |
48- | Email | email |
49- | Display Name | display_name |
50- | Display Name | given_name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
51- | Display Name | name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
52- | BCeID Username | bceid_username |
53- | BCeID User GUID | bceid_user_guid |
54- | Keycloak Generated Preferred Username | preferred_username |
55- | BCeID Business Guid | bceid_business_guid |
56- | BCeID Business Name | bceid_business_name |
46+ | User Property/Attribute | Standard Realm - Claim Name |
47+ | ------------------------------------- | ------------------------------------------------------------------------------------------ ----------------------------- |
48+ | Email | email |
49+ | Display Name | display_name |
50+ | Display Name | given_name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
51+ | Display Name | name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
52+ | BCeID Username | bceid_username |
53+ | BCeID User GUID | bceid_user_guid |
54+ | Keycloak Generated Preferred Username | preferred_username |
55+ | BCeID Business Guid | bceid_business_guid |
56+ | BCeID Business Name | bceid_business_name |
5757
5858## BCeID Both
5959
6060See above for claims depending on BCeID type selected by end user.
6161
6262## GitHub Public
6363
64- | User Property/Attribute | Standard Realm - Claim Name |
65- | ------------------------------------- | ---------------------------------------- |
66- | Email | email |
67- | Display Name | display_name |
68- | Display Name | name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
69- | Display Name | given_name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
70- | GitHub ID | github_id |
71- | Keycloak Generated Preferred Username | preferred_username=` {{id}}@githubpublic ` |
72- | GitHub Username | github_username |
73- | BCGov Github Membership | org_verified |
74- | BCGov Github Orgs | orgs |
64+ | User Property/Attribute | Standard Realm - Claim Name |
65+ | ------------------------------------- | ------------------------------------------------------------------------------- ---------------------------------------- |
66+ | Email | email |
67+ | Display Name | display_name |
68+ | Display Name | name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
69+ | Display Name | given_name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
70+ | GitHub ID | github_id |
71+ | Keycloak Generated Preferred Username | preferred_username=` {{id}}@githubpublic ` |
72+ | GitHub Username | github_username |
73+ | BCGov Github Membership | org_verified |
74+ | BCGov Github Orgs | orgs |
7575
7676## GitHub BCGov
7777
78- | User Property/Attribute | Standard Realm - Claim Name |
79- | ------------------------------------- | ---------------------------------------- |
80- | Email | email |
81- | Display Name | display_name |
82- | Display Name | name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
83- | Display Name | given_name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
84- | GitHub ID | github_id |
85- | Keycloak Generated Preferred Username | preferred_username |
86- | GitHub Username | github_username |
87- | BCGov Github Membership | org_verified |
88- | BCGov Github Orgs | orgs |
78+ | User Property/Attribute | Standard Realm - Claim Name |
79+ | ------------------------------------- | ------------------------------------------------------------------------------- ---------------------------------------- |
80+ | Email | email |
81+ | Display Name | display_name |
82+ | Display Name | name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
83+ | Display Name | given_name (** Note** : This is available for backward compatibility. We recommend to use the display_name claim instead) |
84+ | GitHub ID | github_id |
85+ | Keycloak Generated Preferred Username | preferred_username |
86+ | GitHub Username | github_username |
87+ | BCGov Github Membership | org_verified |
88+ | BCGov Github Orgs | orgs |
8989
9090## BC Services Card
9191
92- | User Property/Attribute | Standard Realm - Claim Name |
93- | ------------------------------------- | --------------------------------------- |
94- | Keycloak Generated Preferred Username | preferred_username=` {{sub}}@<idp-name> ` |
92+ | User Property/Attribute | Standard Realm - Claim Name |
93+ | ------------------------------------- | --------------------------------------- |
94+ | Keycloak Generated Preferred Username | preferred_username=` {{sub}}@<idp-name> ` |
9595
96- ** Note: ** Clients can request additional claims when creating their client in the CSS App. See [ here] ( https://id.gov.bc.ca/oauth2/claim-types ) for an up-to-date list of available claims. The BCSC sub will not be available for selection in the app, however the received token's sub or preferred_username claim can be used as an identifier.
96+ ** Note** : Clients can request additional claims when creating their client in the CSS App. See [ here] ( https://id.gov.bc.ca/oauth2/claim-types ) for an up-to-date list of available claims. The BCSC sub will not be available for selection in the app, however the received token's sub or preferred_username claim can be used as an identifier.
9797
9898## Digital Credential
9999
100- | User Property/Attribute | Standard Realm - Claim Name |
101- | ----------------------------------------- | ---------------------------------------------- |
102- | Keycloak Generated Preferred Username | preferred_username |
103- | Digital Credential Content (JSON) | vc_presented_attributes |
104- | The Presentation Request Configuration ID | pres_req_conf_id |
100+ | User Property/Attribute | Standard Realm - Claim Name |
101+ | ----------------------------------------- | --------------------------- |
102+ | Keycloak Generated Preferred Username | preferred_username |
103+ | Digital Credential Content (JSON) | vc_presented_attributes |
104+ | The Presentation Request Configuration ID | pres_req_conf_id |
105+
106+ ## One-Time Passcode
107+
108+ | User Property/Attribute | Standard Realm - Claim Name |
109+ | -------------------------------- | --------------------------- |
110+ | Email | email |
111+ | Pairwise Pseudonymous Identifier | preferred_username |
112+
113+ ** Note** : A Pairwise Pseudonymous Identifier is an unique identifier of an user in each privacy zone
105114
106115## Playground
116+
107117[ Try our playground to see what comes in the payload with your client integration] ( https://bcgov.github.io/keycloak-example-apps/ )
0 commit comments