Quasr
  • Introduction
    • Welcome to Quasr
    • Concepts
      • Flexible Authentication
      • User-Centric Privacy
      • Modern Development
    • Terminology
    • FAQs
  • Getting Started
    • Sign up with Quasr
    • Setup your tenant
      • Factor Configuration
      • Enrolling additional factors
      • Test with the Sample Client
      • Understanding Scopes & Scores
      • Setting up an API Client (M2M)
    • Connect your app
      • Hosted Login UI
      • Custom Login UI
      • Embedded Login UI
  • Account Administration
    • Introduction
    • Account & Billing
      • Metrics
    • Tenants
    • Usage & Statistics
    • Security
  • Tenant Administration
    • Introduction
    • Dashboard
    • Tenant Settings
    • Your Security
    • Accounts
      • Tenant Admins
    • Factors
      • Factors and Scoring
      • Username (ID)
      • Federation (OAuth2 / OIDC)
        • Apple
        • Facebook
        • GitHub
        • Google
        • LinkedIn
        • Slack
      • Time-based One-time Password (TOTP)
      • One-Time Password (OTP)
      • Password
      • Secret
    • Controls
      • Configuration
      • Permissions
      • Consents
      • Rules
    • Attributes
      • Capturing Claims
      • Sourcing Claims
      • Viewing Claims
      • Searching Claims / Users
      • Sharing Claims
    • Extensions
      • Synchronous
      • Asynchronous
    • Tokens
      • Session Token (OAuth 2.0)
      • Access Token (OAuth 2.0)
      • Refresh Token (OAuth 2.0)
      • ID Token (OIDC 1.0)
      • Consent Token
      • Authorization Code (OAuth 2.0)
    • Hosted Login Page
    • APIs
      • Authentication API
      • Management API (GraphQL)
  • Legal
    • Terms of Service
    • Acceptable Use Policy
    • DPA & Subprocessors
  • More Info
    • Standards
    • Security
      • Vulnerability Disclosure
      • Wall of Recognition
    • Support
    • Status
Powered by GitBook
On this page
  • Manually provided by the user
  • Automatically sourced from a factor
  • Manually provided by an admin
  1. Tenant Administration
  2. Attributes

Capturing Claims

PreviousAttributesNextSourcing Claims

Last updated 18 days ago

There are 5 ways in which claims can be captured:

  1. Manually provided by the user during the signup or login process.

  2. Manually provided by the user in the Account UI.

  3. Automatically sourced through one of the signup or login factors used.

  4. Manually provided by an admin in the Admin UI.

  5. Automatically provided by an admin client via the Management API.

Manually provided by the user

The user can manually provide claims during signup or login using the Authentication API. Important is the score of the attributes you want to store as the user needs to have a session with a (security) score at least equal to or larger as the score of the attribute.

The API call to store claims using the Authentication API looks as below (Postman documentation ):

// POST https://{{tenant_id}}.api.quasr.io/attributes
// Authorization: Bearer <session_token>
{
    "id": "<attribute_id>", // REQUIRED
    "subtype": "<attribute_subtype>", // REQUIRED
    "value": "<claim_value>", // REQUIRED
    "label": "<claim_label>" // OPTIONAL
}

Alternatively the user can also manually provide claims in the Account UI or via the Management API. In the Account UI users can go to Attributes and then click Create in the upper right corner.

// POST https://{{tenant_id}}.api.quasr.io/graphql
// Authorization: Bearer <accesss_token>
{
    "query": `
        mutation createClaim($input: CreateClaimInput!) {
            createClaim(input: $input) {
                id
            }
        }`,
    "variables": `{
        "input": {
            "attribute": "<attribute_id>", // REQUIRED
            "subtype": "<attribute_subtype>", // REQUIRED
            "value": "<claim_value>", // REQUIRED
            "label": "<claim_label>", // OPTIONAL
            "status": "<claim_status>" // OPTIONAL
        }
    }`
}

Automatically sourced from a factor

The system can automatically source claims from factors used during signup or login via sources. Using sources allows you to capture claims from following factors:

  • Username - You can capture the username during signup.

  • One-Time Password (OTP) - You can capture the channel (email, phone number, etc.) during signup.

  • OAuth 2.0 / OpenID Connect (OIDC) - You can capture the claims in the identity token returned from the identity provider during signup and login.

Manually provided by an admin

An admin can manually provide claims in the Admin UI or via the Management API. In the Admin UI admins can go to Users, select the desired user, go to the Attributes tab and then click Create in the upper right corner.

// POST https://{{tenant_id}}.api.quasr.io/graphql
// Authorization: Bearer <accesss_token>
{
    "query": `
        mutation createClaim($input: CreateClaimInput!) {
            createClaim(input: $input) {
                id
            }
        }`,
    "variables": `{
        "input": {
            "account": "<account_id>", // REQUIRED
            "attribute": "<attribute_id>", // REQUIRED
            "subtype": "<attribute_subtype>", // REQUIRED
            "value": "<claim_value>", // REQUIRED
            "label": "<claim_label>", // OPTIONAL
            "status": "<claim_status>" // OPTIONAL
        }
    }`
}

The API call to store claims using the Management API looks as below (Postman documentation ):

Please go to for more details.

The API call to store claims using the Management API looks as below (Postman documentation ):

here
here
Sourcing Claims
here