Why is Google's OpenId Connect API not sending back all claims?

Question

Google's OpenId Connect discovery document shows that the supported Claims are:

"claims_supported": [
  "aud",
  "email",
  "email_verified",
  "exp",
  "family_name",
  "given_name",
  "iat",
  "iss",
  "locale",
  "name",
  "picture",
  "sub"
]

and the supported Scopes are

"scopes_supported": [
  "openid",
  "email",
  "profile"
]

I was expecting to get all of the supported claims when I send a GET request to the OpenId Connect UserInfo end point (https://www.googleapis.com/oauth2/v3/userinfo). However, I seem to be getting a subset of the supported claims:

{
  "sub": "...",
  "name": "...",
  "given_name": "...",
  "family_name": "...",
  "picture": "...",
  "email": "...",
  "email_verified": true,
  "locale": "..."
}

Does anyone know why I am missing a few of the supported claims in my response?

If I understand you correctly you think that UserInfo end point should return supported scopes for your project? — Linda Lawton - DaImTo, Feb 10 '17 at 08:35
@DalmTo Sorry, to be clear I am thinking that since I have requested and been granted access to each scope, that the UserInfo end point should return every single supported claim - not just a subset of claims. — Rob L, Feb 10 '17 at 09:24

Rob L · Accepted Answer · 2023-07-15T09:12:55.640

0

You won't always get back all of the supported claims. Supported claims means exactly that - they're supported but it's possible that the user does not have issued claims for each supported claim type.

edited Jul 15 '23 at 09:12

answered Nov 20 '17 at 11:21

Rob L

3,073
6
31
61

Why is Google's OpenId Connect API not sending back all claims?

1 Answers1