How To Assign Custom OpenID Connect Claim To A Custom Scope (Doc ID 2790271.1)

Last updated on JULY 16, 2021

Applies to:

Identity Cloud Service (IDCS) - Version N/A to N/A
Information in this document applies to any platform.


Created a custom OpenID Connect claim using the REST API. Here is its definition:

{
  "mode": "always",
  "id": "5549fc0aecb54f16bbccf0bbdedad4c8",
  "value": "$(user.urn:ietf:params:scim:schemas:idcs:extension:custom:User.xxxxCustom)",
  "expression": true,
  "meta": {
    "created": "2021-05-20T04:28:55.450Z",
    "lastModified": "2021-05-28T18:04:04.842Z",
    "resourceType": "CustomClaim",
    "location": ""
  },
  "allScopes": false,
  "name": "CalypsoCustomClaim",
  "tokenType": "AT",
  "scopes": ["sss"],
  "schemas": ["urn:ietf:params:scim:schemas:oracle:idcs:CustomClaim"]
}

As you can see, I have set the "allScopes" attribute to false and "scopes" to ["sss"], where "sss" is the name of the custom code that I want to use for applications which need this custom claim. Then, in my application configuration, I have added the scope name "sss" (see screenshot attached). But when my client tries to connect with the following redirect (note that the requested scopes include sss):

It gets an "Invalid Scope" error response: https://localhost:xxxx/login/oauth2/code/sss?error=invalid_scope&error_description=Invalid+scope.&state=ODUFfbSnsX8HheFS-Qn8qGZ6Z0UigFb6-pwlWd7JnPc%3D

