Claims
Claims are statements about a user, such as their name, email, or roles, carried inside a token like an OpenID Connect ID token so an application can learn about the user without a separate lookup.
Also: claims, identity claims
A claim is a single piece of asserted information about a subject, such as a user identifier, an email address, a verified status, or a set of roles. In OpenID Connect, claims travel inside the ID token, signed by the identity provider, so the receiving application can trust them without calling back to look the user up.
Standard claims have agreed names, and applications can request additional claims through scopes or a userinfo endpoint. Because claims are signed, an application can rely on them, but it should still request only what it needs and respect that some claims carry personal data.
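The sketch below is an added example, not code from this glossary or from any identity provider. It shows an application verifying an ID token's signature and its `iss`, `aud` and `exp` claims (the validation OpenID Connect Core describes) before trusting the payload, then keeping only the claims it needs. It assumes HS256 with a shared secret so that it runs on the standard library alone; the function names, key, issuer URL and client ID are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_id_token(claims, key):
    """Stand-in for the identity provider; used only to build sample input."""
    parts = [b64url_encode(json.dumps(p).encode())
             for p in ({"alg": "HS256", "typ": "JWT"}, claims)]
    sig = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(sig)])

def read_claims(token, key, issuer, audience, now, wanted):
    """Verify the token, then return only the claims the application asked for."""
    try:
        h64, p64, s64 = token.split(".")
        header, sig = json.loads(b64url_decode(h64)), b64url_decode(s64)
    except ValueError:
        raise ValueError("malformed token") from None
    # Pin the algorithm on the verifier side; never let the token choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))  # trusted only from this point on
    aud = claims.get("aud")
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("expired")
    # Data minimisation: hand the application only what it needs.
    return {name: claims[name] for name in wanted if name in claims}

# Constructed sample values (not from the page).
KEY, ISSUER, CLIENT_ID = b"constructed-demo-secret", "https://idp.example", "demo-client"
SAMPLE_CLAIMS = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "user-123", "exp": 2000000000,
                 "email": "alice@example.com", "email_verified": True,
                 "roles": ["customer"], "phone_number": "+10000000000"}

if __name__ == "__main__":
    token = sign_id_token(SAMPLE_CLAIMS, KEY)
    print(read_claims(token, KEY, ISSUER, CLIENT_ID, now=1700000000,
                      wanted=("sub", "email", "email_verified")))
```

Identity providers commonly sign ID tokens with an asymmetric key published through a key set, and a maintained JWT library would normally perform these checks; the order of operations stays the same.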
For CIAM, claims are how identity and profile attributes flow to applications after login, which makes them the practical link between the identity platform and what each application knows about the customer.
Sources
- OpenID Connect Core 1.0: https://openid.net/specs/openid-connect-core-1_0.html
Standards
- OpenID Connect Core 1.0