There are certain claims in the id_token which I am trying to exclude, but somehow I am not able to achieve this. I can modify these claims but can’t remove them from the response.
Claims that I am planning to exclude, as the downstream application does not use them, are:
c_hash
acr
s_hash
org.forgerock.openidconnect.ops
I have followed the documentation and enabled the “Overrideable Id_Token Claims” option. In the “oidc claim script” I am overriding them as shown below:
computedClaims.put("c_hash", null);
computedClaims.put("acr", null);
computedClaims.put("org.forgerock.openidconnect.ops", null);
computedClaims.put("auth_time", null);
computedClaims.put("realm", null);
Any idea if these claims are restricted and we can’t exclude them?
I am using the PKCE flow where, while making the request to the /authorize endpoint, I am using response_type=code. The scope configured for the OAuthClient is “openid”.