Hi,

In the OIDC spec, the following claims are mentioned as mandatory:
- iss
- sub
- aud
- exp
- iat

Currently, as mentioned in JIRA [1], it is possible to write a custom OAuth2
grant type which returns an ID Token without the "sub" claim.

When we handle this scenario, there is a small concern
that needs to be clarified.

- When analyzing the spec, we could not find any instance where it mentions
the error message to display in such a scenario.
In that case, shall we come up with a *new error message*?
{"error_description":"custom description.","error":"custom_error"}

- Or throw a server exception and send the standard *server error* message?
ex:
{"error_description":"Internal Server Error.","error":"server_error"}


Appreciate any input on how to proceed with this.

[1]https://wso2.org/jira/browse/IDENTITY-6088
[2]http://openid.net/specs/openid-connect-core-1_0.html#IDToken

Thanks,
-- 
Denuwanthi De Silva
Senior Software Engineer;
WSO2 Inc.; http://wso2.com,
Email: denuwan...@wso2.com
Blog: https://denuwanthi.wordpress.com/
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
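As an added illustration (not code from the thread or from WSO2 Identity Server), a small pre-issuance check that an ID Token claim set carries the five mandatory claims listed above and that they have sane values, followed by the two error bodies the mail contrasts. The claim values, the client_id and the error code "custom_error" are constructed placeholders taken from the mail, not real identifiers.

```python
import time

# Claims OpenID Connect Core 1.0 section 2 marks REQUIRED in every ID Token.
REQUIRED_CLAIMS = ("iss", "sub", "aud", "exp", "iat")


def validate_id_token_claims(claims, expected_aud, now=None):
    """Return a list of problems found in an ID Token claim set (empty = OK).

    Checks presence of the mandatory claims plus the basic value rules the spec
    attaches to them: sub is a non-empty string, exp/iat are NumericDate,
    exp lies in the future, and aud (string or list) contains the client_id.
    """
    now = time.time() if now is None else now
    problems = [f"missing mandatory claim '{c}'"
                for c in REQUIRED_CLAIMS if c not in claims]
    sub = claims.get("sub")
    if sub is not None and not (isinstance(sub, str) and sub.strip()):
        problems.append("'sub' must be a non-empty string")
    for c in ("exp", "iat"):
        v = claims.get(c)
        if v is not None and (isinstance(v, bool) or not isinstance(v, (int, float))):
            problems.append(f"'{c}' must be a NumericDate")
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and not isinstance(exp, bool) and exp <= now:
        problems.append("'exp' is in the past")
    aud = claims.get("aud")
    if aud is not None:
        auds = aud if isinstance(aud, list) else [aud]
        if expected_aud not in auds:
            problems.append("'aud' does not contain the client_id")
    return problems


def token_error_response(problems, expose_detail):
    """Build the OAuth2 error body for a claim set that failed validation.

    expose_detail=True is the "new error message" option from the mail: a
    specific code and a description naming the missing/invalid claims.
    expose_detail=False is the standard server_error body, which reveals
    nothing about the server-side cause to the client.
    """
    if not problems:
        return None
    if expose_detail:
        # "custom_error" is the placeholder code used in the mail, not a spec value.
        return {"error": "custom_error", "error_description": "; ".join(problems)}
    return {"error": "server_error", "error_description": "Internal Server Error."}
```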
