Hi,

In the OIDC spec, the following claims are mentioned as mandatory:

- iss
- sub
- aud
- exp
- iat

Currently, as mentioned in jira [1], it is possible to write a custom OAuth2 grant type which returns an IDToken without the "sub" claim. When we handle this scenario, there is a small concern that needs to be clarified.

- When analyzing the spec, we could not find any instance where it mentions the error message to display in such a scenario. In that case, shall we come up with a *new error message*?

{"error_description":"custom description.","error":"custom_error"}

- Or throw a server exception and send the standard *server error* message? ex:

{"error_description":"Internal Server Error.","error":"server_error"}

Appreciate any input on how to proceed with this.

[1] https://wso2.org/jira/browse/IDENTITY-6088
[2] http://openid.net/specs/openid-connect-core-1_0.html#IDToken

Thanks,
--
Denuwanthi De Silva
Senior Software Engineer; WSO2 Inc.; http://wso2.com,
Email: denuwan...@wso2.com
Blog: https://denuwanthi.wordpress.com/
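An added example, not part of the original message and not WSO2 code: a guard that checks the five mandatory claims before an ID Token is returned and builds an error body in either of the two shapes quoted in the mail. The class name, method names and sample values are hypothetical, and using `server_error` in `main` is an assumption for illustration, not something the spec prescribes.

```java
import java.util.*;
// Hypothetical guard (not WSO2 code): verifies that the claim set produced by a
// grant handler carries the claims the mail lists as mandatory.
public class IdTokenClaimGuard {

    private static final List<String> REQUIRED = List.of("iss", "sub", "aud", "exp", "iat");

    /** Returns the names of mandatory claims that are absent or unusable. */
    static List<String> missingClaims(Map<String, Object> claims) {
        List<String> missing = new ArrayList<>();
        for (String name : REQUIRED) {
            Object v = claims.get(name);
            boolean ok;
            switch (name) {
                case "exp": case "iat":          // numeric timestamps
                    ok = v instanceof Number;
                    break;
                case "aud":                      // single string or non-empty list
                    ok = (v instanceof String && !((String) v).isBlank())
                      || (v instanceof Collection && !((Collection<?>) v).isEmpty());
                    break;
                default:                         // iss, sub: non-blank strings
                    ok = v instanceof String && !((String) v).isBlank();
            }
            if (!ok) missing.add(name);
        }
        return missing;
    }

    /** Error body in the shape quoted in the mail; inputs are fixed strings, so no escaping. */
    static String errorBody(String error, String description) {
        return "{\"error_description\":\"" + description + "\",\"error\":\"" + error + "\"}";
    }

    public static void main(String[] args) {
        // Constructed sample: a custom grant handler that forgot to set "sub".
        Map<String, Object> claims = new HashMap<>();
        claims.put("iss", "https://idp.example.com/oauth2/token");
        claims.put("aud", List.of("client-app"));
        claims.put("exp", 1700003600L);
        claims.put("iat", 1700000000L);
        List<String> missing = missingClaims(claims);
        if (!missing.isEmpty()) {
            // Log the detail server-side; keep the client-facing body generic.
            System.err.println("Refusing to issue ID Token, missing claims: " + missing);
            System.out.println(errorBody("server_error", "Internal Server Error."));
        }
    }
}
```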