...
We strongly advise you not to build your own OpenID Connect implementation, but use one of the products already available. The official OpenID website provides a nice overview of certified and uncertified implementations.
Claims and attributes
Your service probably needs (personal) information about the user logging in, for example an e-mail address or display name. These claims are provided by the user's institution in the form of SAML attributes. SURFconext translates those SAML attributes to OpenID Connect claims. Refer to this page to see which claims are available for use within your service.
...