---
title: OpenID Connect (OIDC) scopes
description: Standard OpenID Connect scopes control which user claims are included in an id_token or in a userinfo response. Unlike other resources, scopes from this resource can be included in an access token along with scopes from another resource.
component: pingone-api
page_id: pingone-api:foundations:pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/openid-connect-oidc-scopes
canonical_url: https://developer.pingidentity.com/pingone-api/foundations/pingone-roles-scopes-and-permissions/access-services-through-scopes-and-roles/openid-connect-oidc-scopes.html
section_ids:
  oidc-scopes-for-user-information: OIDC scopes for user information
---

# OpenID Connect (OIDC) scopes

Standard OpenID Connect scopes control which user claims are included in an `id_token` or in a `userinfo` response. Unlike other resources, scopes from this resource can be included in an access token along with scopes from another resource.

PingOne supports the following OIDC scopes:

| Scope     | Description                                                                                                                                                                                                                                                         |
| --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `profile` | This scope value requests access to the end-user's profile claims, which are: `name`, `family_name`, `given_name`, `middle_name`, `preferred_username`, `nickname`, `picture`, `zoneinfo`, `locale`, `profile`, `website`, `gender`, `birthdate`, and `updated_at`. |
| `email`   | This scope value requests access to the `email` and `email_verified` claims.                                                                                                                                                                                        |
| `address` | This scope value requests access to the following claims: `address.street_address`, `address.locality`, `address.region`, `address.postal_code`, `address.country`, `address.formatted`.                                                                            |
| `phone`   | This scope value requests access to the `phone_number` and `phone_number_verified` claims.                                                                                                                                                                          |

Note: For `id_token` authorization requests, `openid` is a required scope. It tells the authorization server that the incoming request is an OpenID Connect request.

## OIDC scopes for user information

The following sample shows an `implicit` authorization request with an `id_token` response type. The `scope` parameter specifies the required `openid` scope. It also specifies the optional `profile` scope to provide access to the end-user's default profile claims.

```bash
curl -X GET \
  'https://auth.pingone.com/{{envID}}/as/authorize?client_id={{appID}}&redirect_uri={{redirect_uri}}&response_type=id_token&scope=openid%20profile'
```

Note: You must include `openid` in your requested scopes if you want to use the access token to call the `/userinfo` endpoint and get a `sub` attribute in the response. Also, you can include additional OpenID Connect scopes in the `scope` parameter of the initial authorization request to add more user claims in the `id_token` and return more information about the user in the `/userinfo` response.
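
The following Python example, added here and not part of PingOne's documentation or SDKs, checks the claims in a decoded `id_token` against the scope-to-claim table above: it reports user claims that the granted scopes do not cover and requested scopes that returned no claims (candidates for removal from the request). The `PROTOCOL_CLAIMS` set, the function names, and the sample token are assumptions constructed for illustration; signature validation is a separate step and is not shown.

```python
import base64
import json

# Scope-to-claim mapping taken from the table on this page.
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name",
                "preferred_username", "nickname", "picture", "zoneinfo",
                "locale", "profile", "website", "gender", "birthdate",
                "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address." + f for f in ("street_address", "locality", "region",
                                         "postal_code", "country", "formatted")},
    "phone": {"phone_number", "phone_number_verified"},
}
# Assumption: protocol-level claims that are not user data; adjust per environment.
PROTOCOL_CLAIMS = {"iss", "sub", "aud", "exp", "iat", "auth_time", "nonce",
                   "acr", "amr", "azp", "at_hash", "c_hash"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def token_claims(id_token: str) -> set:
    """Return claim names from the JWT payload (no signature check: audit only)."""
    segment = id_token.split(".")[1]
    payload = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    names = set()
    for key, value in payload.items():
        if key == "address" and isinstance(value, dict):
            names.update("address." + sub for sub in value)  # the page's dotted form
        else:
            names.add(key)
    return names

def audit(id_token: str, scope: str) -> dict:
    """Compare the user claims in id_token with what the granted scopes allow."""
    scopes = scope.split()
    if "openid" not in scopes:
        raise ValueError("openid scope is required for id_token requests")
    user_claims = token_claims(id_token) - PROTOCOL_CLAIMS
    allowed = set().union(*(SCOPE_CLAIMS.get(s, set()) for s in scopes))
    unused = [s for s in scopes if s in SCOPE_CLAIMS and not SCOPE_CLAIMS[s] & user_claims]
    return {"unexpected": sorted(user_claims - allowed), "unused_scopes": unused}

# Constructed sample token with a placeholder signature, for illustration only.
_payload = {"iss": "https://issuer.example", "sub": "user-1", "aud": "app-1",
            "exp": 2000000000, "iat": 1999999000, "given_name": "Ada",
            "family_name": "Lovelace", "email": "ada@example.com",
            "address": {"country": "GB"}}
SAMPLE = ".".join([b64url(b'{"alg":"RS256"}'), b64url(json.dumps(_payload).encode()), "sig"])
```

Calling `audit(SAMPLE, "openid profile phone")` flags `email` and `address.country` as not covered by the granted scopes and lists `phone` as a scope that returned no claims.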

For more information about retrieving scopes for a specified resource, refer to [Get scopes for a resource](../../../platform/resources/resource-scopes.html) in the *PingOne Platform APIs*.
