On Tue, Jul 4, 2017 at 6:54 PM, Denuwanthi De Silva <denuwan...@wso2.com> wrote:
> Hi,
>
> In the OIDC spec, the following claims are mentioned as mandatory.
> -iss
> -sub
> -aud
> -exp
> -iat
>
> Currently, as mentioned in jira [1], it is possible to write a custom OAuth2
> grant type which returns an IDToken without the "sub" claim.
>
> When we handle this scenario, there is a small concern
> that needs to be clarified.
>
> -When we analyzed the spec, we could not find any instance where it mentioned
> the error message to display in such a scenario.
> In that case, shall we come up with a *new error message*?
> {"error_description":"custom description.","error":"custom_error"}
>
> - or throw a server exception and send the standard *server error*
> message?
> ex:
> {"error_description":"Internal Server Error.","error":"server_error"}
>

IMO what happens here is that the server cannot generate a valid IDToken. "Internal Server Error" can properly describe this behavior, so it is better to use that code; returning a custom code may cause interoperability issues as well.

Thanks!

>
> Appreciate any input on how to proceed with this.
>
> [1] https://wso2.org/jira/browse/IDENTITY-6088
> [2] http://openid.net/specs/openid-connect-core-1_0.html#IDToken
>
> Thanks,
> --
> Denuwanthi De Silva
> Senior Software Engineer;
> WSO2 Inc.; http://wso2.com,
> Email: denuwan...@wso2.com
> Blog: https://denuwanthi.wordpress.com/
>

--
Sagara Gunathunga
Associate Director / Architect; WSO2, Inc.; http://wso2.com
V.P Apache Web Services; http://ws.apache.org/
Linkedin; http://www.linkedin.com/in/ssagara
Blog ; http://ssagara.blogspot.com
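
Added example (not part of the thread and not WSO2 code): a check run on the claim set before an ID Token is signed, answering with the standard server_error body from the thread when a mandatory claim such as "sub" is absent. The `sign` callable, the HTTP 500 status, the sample claim values and the extra type checks beyond mere presence are assumptions made for illustration.

```python
import json
import logging

log = logging.getLogger("idtoken")

# Claims the thread lists as mandatory in an OIDC ID Token.
REQUIRED = ("iss", "sub", "aud", "exp", "iat")

# Constructed sample: what a custom grant handler might hand over, with no "sub".
SAMPLE_NO_SUB = {"iss": "https://idp.example.com", "aud": "client-1",
                 "iat": 1499170000, "exp": 1499173600}


def claim_problems(claims):
    """Return the reasons this claim set cannot become a valid ID Token."""
    problems = [f"missing claim: {c}" for c in REQUIRED
                if claims.get(c) in (None, "", [])]
    sub = claims.get("sub")
    if sub and not (isinstance(sub, str) and sub.isascii() and len(sub) <= 255):
        problems.append("sub must be an ASCII string of at most 255 characters")
    aud = claims.get("aud")
    if aud and not (isinstance(aud, str) or (
            isinstance(aud, list) and all(isinstance(a, str) and a for a in aud))):
        problems.append("aud must be a string or a list of strings")
    for c in ("exp", "iat"):
        v = claims.get(c)
        if v is not None and (isinstance(v, bool) or not isinstance(v, (int, float))):
            problems.append(f"{c} must be a numeric timestamp")
    if not problems and claims["exp"] <= claims["iat"]:
        problems.append("exp must be later than iat")
    return problems


def token_response(claims, sign):
    """Sign only a complete claim set; otherwise answer with server_error."""
    problems = claim_problems(claims)
    if problems:
        # Detail stays in the server log; the client gets the generic error.
        log.error("refusing to issue ID Token: %s", "; ".join(problems))
        body = {"error_description": "Internal Server Error.", "error": "server_error"}
        return 500, json.dumps(body)  # status code is an assumption
    # Response trimmed to the id_token field; sign() is a hypothetical signer.
    return 200, json.dumps({"id_token": sign(claims)})


if __name__ == "__main__":
    print(token_response(SAMPLE_NO_SUB, sign=lambda c: "unused"))
```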