Rob L

Reputation: 3303

In IdentityServer3, why are all identity claims excluded from the id_token if an access token is also requested?

I have been looking at the source code for IdentityServer3 while working on a custom implementation. I am having trouble trying to add claims to the id_token. I came across this snippet of code here:

 // From AuthorizeResponseGenerator.cs, method CreateImplicitFlowResponseAsync
 string jwt = null;
 if (responseTypes.Contains(Constants.ResponseTypes.IdToken))
 {
     var tokenRequest = new TokenCreationRequest
     {
         ValidatedRequest = request,
         Subject = request.Subject,
         Client = request.Client,
         Scopes = request.ValidatedScopes.GrantedScopes,

         Nonce = request.Raw.Get(Constants.AuthorizeRequest.Nonce),
         // Identity claims are only embedded in the id_token when no access token is issued
         IncludeAllIdentityClaims = !request.AccessTokenRequested, // <---- This line
         AccessTokenToHash = accessTokenValue,
         AuthorizationCodeToHash = authorizationCode
     };
     // ... the rest of the method (creating and signing the id_token from tokenRequest) is omitted here
 }

Setting the IncludeAllIdentityClaims property in this class affects how claims are added once the flow of the program reaches here. My question is: why is the IncludeAllIdentityClaims property being set from a value that relates to the access_token? I thought the access_token and the claims it can hold were completely unrelated to the id_token and the corresponding claims it holds?

Upvotes: 1

Views: 360

Answers (1)

Brock Allen

Reputation: 7435

Because that's how the spec is written -- it's to optimize the token size. We have a setting called AlwaysIncludeInIdToken on the scope claims to disable this optimization.

Upvotes: 1
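To make the behaviour discussed above concrete, here is an added Python model of the decision (example code written for this page, not IdentityServer3's own): when the response_type also yields an access token, identity claims are left out of the id_token and are expected to be fetched from the userinfo endpoint, unless a scope claim is flagged AlwaysIncludeInIdToken. The `ScopeClaim`/`Scope` classes, the `always_include_in_id_token` flag name, the rule that a response_type containing `token` or `code` counts as requesting an access token, and all user data are assumptions or constructed sample values, not taken from the project.

```python
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class ScopeClaim:
    # Assumed shape: one claim a scope can release, with a per-claim override that
    # mirrors the AlwaysIncludeInIdToken setting mentioned in the answer.
    name: str
    always_include_in_id_token: bool = False


@dataclass
class Scope:
    name: str
    claims: List[ScopeClaim] = field(default_factory=list)


def access_token_requested(response_type: str) -> bool:
    """Assumption: 'token' (implicit) or 'code' (hybrid) in response_type means an
    access token will be issued alongside the id_token."""
    parts = response_type.split()
    return "token" in parts or "code" in parts


def build_id_token_claims(response_type: str, granted_scopes: List[Scope],
                          user_claims: Dict[str, str]) -> Dict[str, str]:
    """Claims that end up inside the id_token.

    Models the IncludeAllIdentityClaims = !AccessTokenRequested line from the
    question: with an access token present, the id_token is kept small and the
    client is expected to call userinfo for the rest. 'sub' is always present.
    """
    include_all = not access_token_requested(response_type)
    claims = {"sub": user_claims["sub"]}
    for scope in granted_scopes:
        for sc in scope.claims:
            if sc.name == "sub" or sc.name not in user_claims:
                continue
            if include_all or sc.always_include_in_id_token:
                claims[sc.name] = user_claims[sc.name]
    return claims


def build_userinfo_claims(granted_scopes: List[Scope],
                          user_claims: Dict[str, str]) -> Dict[str, str]:
    """Claims the userinfo endpoint returns for the granted scopes: this is where a
    client holding an access token recovers whatever the id_token omitted."""
    claims = {}
    for scope in granted_scopes:
        for sc in scope.claims:
            if sc.name in user_claims:
                claims[sc.name] = user_claims[sc.name]
    return claims


# Constructed sample configuration and user (not real data).
OPENID = Scope("openid", [ScopeClaim("sub")])
PROFILE = Scope("profile", [ScopeClaim("name"),
                            ScopeClaim("email", always_include_in_id_token=True)])
USER = {"sub": "123", "name": "Alice Example",
        "email": "alice@example.test", "phone": "+1-555-0100"}

if __name__ == "__main__":
    for rt in ("id_token", "id_token token"):
        print(rt, "->", build_id_token_claims(rt, [OPENID, PROFILE], USER))
    print("userinfo ->", build_userinfo_claims([OPENID, PROFILE], USER))
```

Running it shows the two cases side by side: `id_token` alone carries name and email, while `id_token token` carries only sub plus the email claim flagged to always be included; the `phone` value is never released because no granted scope covers it.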
