In OpenID Connect, scopes affect the list of attributes that PingFederate can return to the OAuth clients. On the Attribute Scopes screen, you can optionally add associations between scopes and attributes beyond what is defined in the specification.

  1. Optional: On the Attribute Scopes screen, add any number of scope-to-attributes associations.
    1. Select a scope from the list.

      Both common and exclusive scopes are available for selection.

    2. Select the relevant check boxes under Attributes.

      If you have selected a standard scope in the previous step, its associated standard attributes, as defined in the OpenID Connect specification, are automatically selected and cannot be modified. You can however select additional attributes to be associated with the selected scope.

      Additionally, if you have selected the profile scope, any non-standard attributes that are not associated with the profile scope become inaccessible to your OAuth clients. For your convenience, the administrative console detects this condition and displays a warning message with a list of inaccessible attributes. Select the relevant check boxes to make the non-standard attributes accessible or ignore the message if they shall remain inaccessible for the time being.

    3. Click Add.
    4. Optional: Repeat these steps to define additional scope-to-attributes associations.

      Use the Edit, Update, and Cancel workflow to make or undo a change to an existing entry. Use the Delete and Undelete workflow to remove an existing entry or cancel the removal request.

  2. Click Next.