kisamoto · 2mo ago

Custom scopes and consent workflow

Hi there, we're evaluating Zitadel as our identity and OpenID Connect provider however as part of our workflow we require the ability to use custom scopes to group custom claims. OIDC clients would then request access to those scopes accordingly and the user would need to grant consent either to the full scope (and in the future we'd like to explore the ability to have granular access to claims). In the docs I've spotted that regarding custom scopes "This feature is not yet released". Does this mean it is currently under development? Can we enable this as a feature toggle to test it at all? How much control over the consent UI will we have? Thanks in advance
9 Replies
Rajat · 2mo ago
hey @kisamoto, welcome to the server. We currently don’t have custom scopes; we only have the possibility to add custom claims using actions.
kisamoto (OP) · 2mo ago
Thanks for the quick reply @Rajat. Is this planned or under development? If I understand adding claims by actions correctly, this doesn't give much granular permission for the scope, does it?
Rajat · 2mo ago
hey @kisamoto, no, we don't have it planned for now. What kind of granular permissions are you looking for? Claims should solve it, but if you have a use case, we can take a look. Setting custom claims via actions should work.
kisamoto (OP) · 2mo ago
Okay, here's my (simplified) use case.
- I have additional metadata for my users (e.g. "username", "age" and "current location").
- My users can log in to other platforms.
- I'd like developers of other platforms to be able to request user consent for a subset of the metadata (for example, a platform may want access to the "username" only and not "age" or "current location").
I expected to do this with scopes per client, depending on what they need access to, and users can grant consent. How would I be able to achieve this with claims? Thanks for your help @Rajat
Rajat · 2mo ago
hey @kisamoto, the approach I had in mind was this: for your use case with metadata like "username", "age" and "current location", you can add custom claims using ZITADEL's Actions addClaim() or append them as metadata with appendMetadata(), but this approach doesn't provide the granular consent mechanism you're looking for.
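To make the limitation in the reply above concrete, here is an added example (not code from the thread, and not Zitadel's own code) of a Zitadel-style "complement token" Action that turns user metadata into custom claims, next to a variant that filters by a per-client allowlist. The runtime shape is assumed: `ctx.v1.user.getMetadata()` returning `{ metadata: [{ key, value }] }`, `api.v1.claims.setClaim(key, value)`, and a `ctx.v1.clientId` field for the requesting client; the user metadata and the allowlist are constructed. The point it shows is that neither variant involves the user: the naive Action hands every attribute to every client, and the allowlist only moves the decision to the operator, which is data minimisation, not OIDC consent.

```javascript
// Added example (not from the thread, not Zitadel's code): a Zitadel-style
// "complement token" Action that copies user metadata into custom claims,
// next to an allowlisted variant.
// ASSUMPTIONS: the Action runtime exposes ctx.v1.user.getMetadata() returning
// { metadata: [{ key, value }] } and api.v1.claims.setClaim(key, value); how
// the requesting client's id reaches an Action is also assumed (modelled as
// ctx.v1.clientId). Check the current Zitadel Actions docs before relying on it.

// Constructed sample metadata for one user (the thread's "username", "age",
// "current location" example).
const SAMPLE_METADATA = { username: 'kisamoto', age: '42', current_location: 'Zurich' };

// Offline stand-in for the Action runtime so the example runs without Zitadel.
function makeRuntime(metadata, clientId) {
  const claims = {};
  const ctx = {
    v1: {
      user: {
        getMetadata: () => ({
          metadata: Object.entries(metadata).map(([key, value]) => ({ key, value })),
        }),
      },
      clientId, // assumed field; see header comment
    },
  };
  const api = { v1: { claims: { setClaim: (key, value) => { claims[key] = value; } } } };
  return { ctx, api, claims };
}

// Naive Action as described in the thread: every metadata entry becomes a
// claim in every token, whichever client requested it. The user never consents
// per attribute and the client never has to request a scope for it.
function addAllMetadataClaims(ctx, api) {
  for (const entry of ctx.v1.user.getMetadata().metadata) {
    api.v1.claims.setClaim(entry.key, entry.value);
  }
}

// Per-client allowlist maintained by the operator (constructed). This gives
// coarse, operator-controlled data minimisation per client, the closest an
// Action gets to custom scopes; it is still not user consent.
const CLIENT_ALLOWLIST = {
  'platform-a': ['username'],
  'platform-b': ['username', 'age'],
};

function addAllowlistedClaims(ctx, api) {
  // Unknown or unlisted client: release nothing (deny by default).
  const allowed = new Set(CLIENT_ALLOWLIST[ctx.v1.clientId] || []);
  for (const entry of ctx.v1.user.getMetadata().metadata) {
    if (allowed.has(entry.key)) {
      api.v1.claims.setClaim(entry.key, entry.value);
    }
  }
}

// Runs an Action against the stand-in runtime and returns the claims it set.
function runAction(action, metadata, clientId) {
  const rt = makeRuntime(metadata, clientId);
  action(rt.ctx, rt.api);
  return rt.claims;
}

// Same user, same client: the naive Action leaks all three attributes, the
// allowlisted one releases only "username" to platform-a.
console.log(runAction(addAllMetadataClaims, SAMPLE_METADATA, 'platform-a'));
console.log(runAction(addAllowlistedClaims, SAMPLE_METADATA, 'platform-a'));
```

If you do go the Actions route, the allowlisted shape is the one to deploy: it keeps the release decision in a single reviewable place and fails closed for clients you have not listed. What it cannot give you is the per-user, per-attribute grant that a consent screen driven by custom scopes would record.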
kisamoto (OP) · 2mo ago
Thanks for that @Rajat. Yes, that’s what I initially thought, but it’s too limiting and I’d prefer to follow OIDC consent standards. So to confirm, Zitadel is not suitable for my purpose?
Rajat · 2mo ago
If you are looking for custom scopes, then no, I'd say 🙂
kisamoto (OP) · 2mo ago
Thanks for your help!