Overview
detail: element | attribute | value

Name: AuthClaimsAndScopes

This class contains claims used to validate the authenticating user and the client provided scopes of the access request.

Data Structure
{
   "typeId": "com.tintri.api.rest.v310.dto.AuthClaimsAndScopes",
   "audience": <String>,
   "clientIdClaim": <String>,
   "groupClaim": <String>,
   "scopes": <String>,
   "userNameClaim": <String>,
}
Attributes
NameTypeDescription
audiencexsd:list[xsd:string]Optional:

The audience is the logical name of the target service where the client intends to use the requested security token.

If provided it will be used to validate the aud claim.

This is the Access Token "aud" claim not the Id Token "aud" claim. For Okta this is the Authorization Server Audience.
clientIdClaimxsd:stringOptional:

The claim used to validate the client id.
groupClaimxsd:stringOptional:

The claim for login user group membership.

The groups claim is typically used and may require the groups scope.

We assume the "groups" claim will be in the form of a list of groups for which the logged in user is a member.
scopesxsd:list[xsd:string]Optional:

The client specified scope of the access request using the "scope" request parameter.

Ref. ScopeClaims.

Some IdPs require the groups scope to get the groups for which the logged in user is a member of.
userNameClaimxsd:stringOptional:

The claim for the login user name.
Overview
detail: element | attribute | value
Generated by Lunatech Labs jax-doclets v0.8