!!! Overview
[OpenID Connect] Clients use [scope|OAuth Scopes] values as defined in 3.3 of [OAuth 2.0] [RFC 6749] to specify what access [privileges] are being requested for [Access Tokens]. The [scope|OAuth Scopes] associated with [Access Tokens] determine what [resources|Protected Resource] will be available when they are used to access [OAuth 2.0] protected endpoints. 

For [OpenID Connect], [scope|OAuth Scopes] can be used to request that specific sets of information be made available as [{$pagename}] Values. This document describes only the [scope|OAuth Scopes] values used by [OpenID Connect].

[OpenID Connect] allows additional [scope|OAuth Scopes] values to be defined and used. [Scope|OAuth Scopes] values used that are not understood by an implementation [SHOULD] be ignored.

[{$pagename}] requested by the following [scope|OAuth Scopes] are treated by [Authorization Servers] as [Voluntary Claims].

[OpenID Connect] defines the following [OpenID Connect Scope] values:
* [profile] - __OPTIONAL__ This [scope|OAuth Scopes] value requests access to the [End-User's|Resource Owner] [Default Profile Claims].
* [email] __OPTIONAL__ - This scope value requests access to the [email] and [email_verified] Claims.
* [address] __OPTIONAL__ - This scope value requests access to the address Claim.
* [phone] __OPTIONAL__ - This scope value requests access to the [phone Number] and [phone_number_verified] Claims.
Multiple scope values MAY be used by creating a space delimited, [case-sensitive] list of [ASCII] scope values.

!! [OpenID Connect Standard Claims]
The [OpenID Connect] specification defines a set of [{$pagename}], referred to as "[OpenID Connect Standard Claims]" that can be requested to be returned either in the [Userinfo_endpoint] or in the [Identity Token].

||Scope||Claims
|email|[email], [email_verified]
|address|[address]
|profile|[name], [family_name], [given_name], [middle_name], [nickname], [preferred_username], [profile], [picture], [website], [gender], [birthdate], [zoneinfo], [locale], [updated_at]
|phone|[phone_number|Phone Number], [phone_number_verified]
|openid|[sub], auth_time, [acr] \\ 

!! Requesting Claims using the "[claims]" [Authorization Request] Parameter[2]
The claims [Authentication Request] parameter requests that specific Claims be returned from the [userinfo_endpoint] and/or in the [id_token]. It is represented as a [JSON Object] containing lists of Claims being requested from these locations. 

Properties of the Claims being requested [MAY] also be specified.

Support for the claims parameter is OPTIONAL. Should an OP not support this parameter and an RP uses it, the OP SHOULD return a set of Claims to the RP that it believes would be useful to the RP and the End-User using whatever heuristics it believes are appropriate. The [claims_parameter_supported] Discovery result indicates whether the OP supports this parameter.

The claims parameter value is represented in an OAuth 2.0 request as UTF-8 encoded JSON (which ends up being form-urlencoded when passed as an OAuth parameter). When used in a Request Object value, per Section 6.1, the JSON is used as the value of the claims member.

The top-level members of the [{$pagename}] request [JSON Object] are:
* userinfo - [OPTIONAL]. Requests that the listed individual Claims be returned from the UserInfo Endpoint. If present, the listed Claims are being requested to be added to any [{$pagename}] that are being requested using [scope|OAuth Scopes] values. If not present, the Claims being requested from the [userinfo_endpoint] are __only__ those requested using [scope|OAuth Scopes] values.
When the userinfo member is used, the request [MUST] also use a [response_type] value that results in an [access_token] being issued to the Client for use at the [userinfo_endpoint].
* [id_token] - [OPTIONAL]. Requests that the listed individual [{$pagename}] be returned in the [id_token]. If present, the listed [{$pagename}] are being requested to be added to the [OpenID Connect Standard Claims] in the [id_token]. If not present, the default [id_token] Claims are requested, as per the [id_token] definition in Section 2 [OpenID.Core] and per the additional per-flow [id_token] requirements in Sections 3.1.3.6, 3.2.2.10, 3.3.2.11, and 3.3.3.6.[OpenID.Core]

Other members [MAY] be present. Any members used that are not understood [MUST] be ignored.

An [example] Claims request is as follows:
%%prettify 
{{{
{
 "userinfo":
  {
   "given_name": {"essential": true},
   "nickname": null,
   "email": {"essential": true},
   "email_verified": {"essential": true},
   "picture": null,
   "http://example.info/claims/groups": null
  },
 "id_token":
  {
   "auth_time": {"essential": true},
   "acr": {"values": ["urn:mace:incommon:iap:silver"] }
  }
}
}}} /%

Note that a [Claim] that is not in the [OpenID Connect Standard Claims] defined in Section 5.1, the (example) http://example.info/claims/groups Claim, is being requested. Using the claims parameter is the __only__ way to request Claims outside the [OpenID Connect Standard Claims]. It is also the only way to request specific combinations of the [OpenID Connect Standard Claims] that cannot be specified using [scope|OAuth Scopes] values. 

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [OpenID Connect Core 1.0 incorporating errata set 1|http://openid.net/specs/openid-connect-core-1_0.htm|target='_blank'] - based on data observed:2015-05-18
* [#1] - [OpenID Connect Core 1.0 incorporating errata set 1 (Section 5.5)|https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter|target='_blank'] - based on data observed:2015-05-18