Get started
API scopes
Integration guides
Features
Troubleshooting
Standard scopes
Kenni ships with a fixed set of identity scopes for the authenticated user, the company on whose behalf the user is acting (for delegated sessions), and the actor (the human in a delegation). Each scope releases one or more claims on the ID token and the user-info endpoint.
Scopes marked auto-consent are released without prompting the user. The remaining scopes require your application to have the consent feature enabled — they only show up in the Consent tab of an application once consent is on.
The exact scopes a given application can request — filtered by its plan tier and feature configuration — are listed under Requestable identity scopes on the application's Overview tab in the developer portal.
Session
| Scope | Claims | Notes |
|---|---|---|
openid | sub, actor | Required for any OIDC flow. Auto-consent. |
offline_access | offline_access | Required for a refresh token to be issued. Auto-consent. |
User identity
Released about the authenticated end user.
| Scope | Claims | Notes |
|---|---|---|
display_name | display_name, name | The user's editable display name. Requires consent. |
picture | picture | Profile picture. Requires consent. |
national_id | national_id | National identification number. Auto-consent. |
audkenni_name | audkenni_name, name | Name as reported by Audkenni. Auto-consent. |
audkenni_phone_number | audkenni_phone_number | Phone number as reported by Audkenni. Auto-consent. |
phone_number | phone_number, phone_number_verified | Editable phone number. Requires consent. |
email | email, email_verified | Email address. Requires consent. |
Company
Released for delegated sessions where the user is acting on behalf of a company. Requires the company delegation feature.
| Scope | Claims | Notes |
|---|---|---|
company_display_name | company_display_name, name | Company's editable display name. Requires consent. |
company_name | company_name, name | Legal name from the company registry. Auto-consent. |
company_email | company_email | Company email. Requires consent. |
company_phone_number | company_phone_number | Company phone number. Requires consent. |
company_logo | company_logo | Company logo. Requires consent. |
Actor
In a delegated session the actor is the human acting on behalf of the subject. Released under the actor.* namespace. Requires the delegation feature.
| Scope | Claims | Notes |
|---|---|---|
actor_display_name | actor.display_name, actor.name | Actor's editable display name. Requires consent. |
actor_audkenni_name | actor.audkenni_name, actor.name | Actor's name from Audkenni. Auto-consent. |
actor_audkenni_phone_number | actor.audkenni_phone_number | Actor's phone from Audkenni. Auto-consent. |
actor_picture | actor.picture | Actor's profile picture. Requires consent. |
actor_national_id | actor.national_id | Actor's national ID. Auto-consent. |
actor_phone_number | actor.phone_number | Actor's editable phone number. Requires consent. |
actor_email | actor.email | Actor's email. Requires consent. |
delegation_type | delegation_type | The type(s) of delegation in use. Auto-consent. |
Deprecated
These scopes are kept for backwards compatibility. Use the replacement instead.
| Scope | Replacement | Claims |
|---|---|---|
profile | display_name | name |
actor_profile | actor_display_name | actor.name |