---
title: Configuring the policy attribute contract
description: In the Attribute Contract tab, you can define the list of attributes that PingFederate can return to the OAuth clients.
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:help_policymanagementtasklet_createpolicycontractstate
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/help_policymanagementtasklet_createpolicycontractstate.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  about-this-task: About this task
  steps: Steps
  related-links: Related links
---

# Configuring the policy attribute contract

In the **Attribute Contract** tab, you can define the list of attributes that PingFederate can return to the OAuth clients.

## About this task

Every new OpenID Connect policy contract begins with a list of standard attributes. These attributes or claims are defined in the OpenID Connect specification. You can optionally remove standard attributes, turn them into non-standard attributes, or add new non-standard attributes.

**Note:** In OpenID Connect, scopes affect the list of attributes that PingFederate can return to the OAuth clients. The attributes that PingFederate returns to OAuth clients vary, depending on the scopes originally approved by the resource owner.

By default, all attributes defined on this window are deliverable through the UserInfo endpoint. If an implicit client makes a token request by providing `id_token` as the only `response_type` parameter value, the client will only receive an ID token without an access token. As the client will not be able to retrieve additional attributes from the UserInfo endpoint without a valid access token, PingFederate includes the applicable attributes in the ID token instead.

If you have not selected the **Include User Info in ID Token** option in the **Manage Policy** tab for this policy, you can choose how attributes are delivered to clients. Similar to the default delivery behavior, in the scenario where an implicit client makes a token request by providing `id_token` as the sole `response_type` parameter value, PingFederate includes the applicable attributes in the ID token regardless of any configured overrides.

## Steps

* To add a new attribute:

  1. Enter the name of the attribute under **Extend the Contract**.

  2. (Optional) To choose how the attribute is delivered, select the **Override Default Delivery** checkbox.

     * To include this attribute in ID tokens, select the **ID Token** checkbox.

     * To include this attribute in UserInfo responses, select the **UserInfo** checkbox.

  3. (Optional) To always return this attribute as an array in a token response, select the **Multi-Valued** checkbox.

  4. Click **Add**.

* To modify an existing entry, use the **Edit**, **Update**, and **Cancel** buttons. Choose how the attribute is delivered, as needed.

* To remove an existing entry, click **Delete**.
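The delivery rules in **About this task** and the **Override Default Delivery** settings above can be checked against a real ID token. The following is an added example, not PingFederate code: it models those rules and flags contract attributes that appear in an ID token when the configuration planned them for UserInfo only. The contract layout, function names and sample token are constructed for illustration, and it assumes **Include User Info in ID Token** is not selected and all relevant scopes were approved.

```python
import base64
import json

def expected_delivery(contract, response_type):
    """Map each contract attribute to the channels the rules above predict.

    contract: {name: None} for default delivery, or
              {name: {"id_token": bool, "userinfo": bool}} for an override.
    Assumes "Include User Info in ID Token" is not selected and every
    relevant scope was approved (assumptions of this example).
    """
    id_token_only = set(response_type.split()) == {"id_token"}
    plan = {}
    for name, override in contract.items():
        if id_token_only:
            # No access token is issued, so UserInfo is unreachable and
            # attributes go into the ID token regardless of overrides.
            plan[name] = {"id_token"}
        elif override is None:
            plan[name] = {"userinfo"}  # default delivery
        else:
            plan[name] = {ch for ch, on in override.items() if on}
    return plan

def decode_claims(id_token):
    """Decode the JWT payload for inspection only; no signature check."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def unexpected_in_id_token(id_token, contract, response_type):
    """Contract attributes present in the ID token but not planned for it."""
    plan = expected_delivery(contract, response_type)
    claims = decode_claims(id_token)
    return sorted(n for n in claims if n in plan and "id_token" not in plan[n])

def make_constructed_token(claims):
    """Build an unsigned sample token (constructed test data)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

# Constructed contract: 'email' uses default delivery, 'groups' is overridden
# to ID token only, 'phone_number' is overridden to UserInfo only.
CONTRACT = {
    "email": None,
    "groups": {"id_token": True, "userinfo": False},
    "phone_number": {"id_token": False, "userinfo": True},
}
SAMPLE = make_constructed_token({"sub": "u1", "groups": ["admins"], "email": "a@example.com"})
```

Claims outside the contract, such as protocol claims, are ignored; a non-empty result for a flow that also issues an access token means the ID token carries more than the overrides intended.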

## Related links

* [UserInfo endpoint](../developers_reference_guide/pf_userinfo_endpoint.html)
