SIAM attributes in OIDC
This page displays the user attributes available for Signicat IAM (SIAM) with OpenID Connect (OIDC).
Attributes table
OIDC claims define the properties to retrieve personal information of your end-users. To request OIDC claims in SIAM, you can use a combination of these scopes in your requests:
OIDC scopes available for SIAM
openid (always required for OIDC), profile, address, phone, nin, ownidp-extra.
Scopes encode what personal information you request from your end-users. You can retrieve the custom attributes you define in your SIAM platform by specifying the ownidp-extra scope in your request.
SIAM provides the following data mappings in OIDC:
Examples
When you integrate using OIDC, you specify the scopes in your authentication request. After the end-user successfully authenticates with SIAM, you can retrieve the claims in the ID Token or through the UserInfo endpoint.
Below, you find examples of requests and responses exchanged as part of an authentication transaction.
Request example
To start an authentication, your OIDC request may look similar to:
https://<YOUR_SIGNICAT_DOMAIN>/auth/open/connect/authorize?
&client_id=<OIDC_CLIENT_ID>
&response_type=code
&redirect_uri=<REDIRECT_URI>
&state=xyz123
&scope=openid%20profile%20address%20phone%20nin%20ownidp-extra
&acr_values=idp:ownidp
&prompt=login
&code_challenge=Qr_Nb...NFylI
&code_challenge_method=S256
Note the following request parameters shown in the example above:
- scope: Specifies the set of claims that your application is requesting from SIAM.
- acr_values: Establishes the identity provider (IDP) routing. For example, idp:ownidp routes the end-user directly to your SIAM platform.
After you start an authentication and route the user to the authentication URL, the following happens:
- The end-user is redirected to the SIAM login page for authentication.
- The end-user logs in with their credentials and agrees to share their personal data.
- After successful authentication, you can retrieve the authorization code at the redirect_uri.
- You exchange the authorization code for an ID token and an access token.
Response example
Below, you find an example of a response obtained from an identity verification flow with SIAM.
Scopes in request: openid, profile, address, phone, nin, ownidp-extra.
Example of ID token in response:
{
  "iss": "https://<ACCOUNT_DOMAIN>/auth/open",
  "nbf": 1726046529,
  "iat": 1726046529,
  "exp": 1726047129,
  "aud": "<OIDC_CLIENT_ID>",
  "amr": [
    "external"
  ],
  "at_hash": "_T539pqKJTOovx1xVyMnKA",
  "sid": "783EFB56CEE40C1FA95F0543535B6E4E",
  "sub": "X-FUmG7SkaAb8fA-7IU0ZrpTIJ37fnaV-c5SbXAoOqw=",
  "auth_time": 1726046523,
  "idp": "ownidp",
  "sandbox": true
}
The ID Token is configured by default to return only the claims defined in the OIDC standard (standard scopes).
To control the data returned in the ID Token, go to your OIDC client configuration in the Signicat Dashboard, select your OIDC client, navigate to the Advanced > Security tab and edit the ID Token User data field to return All claims.
Example of a response from the UserInfo endpoint:
{
  "sub": "X-FUmG7SkaAb8fA-7IU0ZrpTIJ37fnaV-c5SbXAoOqw=",
  "name": "John Robert Doe",
  "family_name": "Doe",
  "given_name": "John",
  "middle_name": "Robert",
  "gender": "male",
  "birthdate": "1985-06-15",
  "company": "Signicat AS",
  "phone_number": "+4799999999",
  "address": {
    "formatted": "Munkegata 26B, 7011 Trondheim, Norway",
    "street_address": "Munkegata 26B",
    "locality": "Trondheim",
    "region": "Trøndelag",
    "postal_code": "7011",
    "country": "Norway"
  },
  "nin": "15068512345",
  "nin_type": "social_security_number",
  "nin_issuing_country": "NO",
  "custom_member_id": "M12345",
  "custom_tier": "Gold",
  "preferred_theme": "dark"
}
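The checks a relying party would run on these two responses before trusting the attributes, shown as an added example that is not Signicat's code. It assumes a JWT library has already verified the ID token signature; the issuer, client ID, clock-skew value, function name, and the way the idp and sandbox claims are interpreted are assumptions.

```python
import time

CLOCK_SKEW = 60  # tolerated clock drift in seconds (assumed value)

def check_siam_claims(id_token, userinfo, *, issuer, client_id,
                      expected_idp="ownidp", allow_sandbox=False, now=None):
    """Return userinfo if all checks pass, otherwise raise ValueError.

    id_token must be the payload of an ID token whose signature a JWT
    library has already verified against the provider's published keys.
    """
    now = time.time() if now is None else now
    if id_token.get("iss") != issuer:
        raise ValueError("iss does not match the configured issuer")
    aud = id_token.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("aud does not contain this client_id")
    exp, nbf = id_token.get("exp"), id_token.get("nbf", 0)
    if not isinstance(exp, (int, float)) or now >= exp + CLOCK_SKEW:
        raise ValueError("token is expired or has no exp")
    if now < nbf - CLOCK_SKEW:
        raise ValueError("token is not yet valid (nbf)")
    # Assumption: the idp claim mirrors the acr_values routing that was requested.
    if id_token.get("idp") != expected_idp:
        raise ValueError("idp is not the identity provider that was requested")
    # Assumption: sandbox=true marks a test environment; refuse it in production.
    if id_token.get("sandbox") and not allow_sandbox:
        raise ValueError("sandbox token presented to a production configuration")
    # OIDC Core 5.3.2: UserInfo sub must exactly match the ID token sub.
    sub = id_token.get("sub")
    if not sub or userinfo.get("sub") != sub:
        raise ValueError("UserInfo sub does not match the ID token sub")
    return userinfo

# Constructed sample data, shaped like the responses on this page.
ISSUER = "https://siam.example.test/auth/open"   # placeholder domain
CLIENT_ID = "sample-client-id"                   # placeholder client
SAMPLE_ID_TOKEN = {"iss": ISSUER, "aud": CLIENT_ID, "nbf": 1726046529,
                   "iat": 1726046529, "exp": 1726047129, "idp": "ownidp",
                   "sandbox": True, "sub": "X-FUmG7SkaAb8fA-7IU0ZrpTIJ37fnaV-c5SbXAoOqw="}
SAMPLE_USERINFO = {"sub": SAMPLE_ID_TOKEN["sub"], "nin": "15068512345",
                   "custom_tier": "Gold"}

if __name__ == "__main__":
    claims = check_siam_claims(SAMPLE_ID_TOKEN, SAMPLE_USERINFO, issuer=ISSUER,
                               client_id=CLIENT_ID, allow_sandbox=True,
                               now=1726046600)
    print("accepted attributes for", claims["sub"])
```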