Standard OpenID Connect scopes control which user claims are included in an id_token or in a userinfo response. Unlike other resources, scopes from this resource can be included in an access token along with scopes from another resource.

PingOne supports the following OIDC scopes:

Scope Description
profile This scope value requests access to the end-user’s profile claims, which are: name, family_name, given_name, middle_name, preferred_username, nickname, picture, zoneinfo, locale, profile, website, gender, birthdate, and updated_at.
email This scope value requests access to the email and email_verified claims.
address This scope value requests access to the following claims: address.street_address, address.locality, address.region, address.postal_code, address.country, address.formatted.
phone This scope value requests access to the phone_number and phone_number_verified claims.

OIDC scopes for user information

The following sample shows an implicit authorization request with an id_token response type. The scope parameter specifies the required openid scope. It also specifies the optional profile scope to provide access to the end-user’s default profile claims.

curl -X GET \
  'https://auth.pingone.com/{{envID}}/as/authorize?client_id={{appID}}&redirect_uri={{redirect_uri}}&response_type=id_token&scope=openid%20profile'

For more information about retrieving scopes for a specified resource, see Get scopes for a resource.