On Tue, Jul 4, 2017 at 6:54 PM, Denuwanthi De Silva <[email protected]>
wrote:
> Hi,
>
> In the OIDC spec, the following claims are mentioned as mandatory.
> -iss
> -sub
> -aud
> -exp
> -iat
>
> Currently, as mentioned in jira [1], it is possible to write a custom OAuth2
> grant type which returns an IDToken without the "sub" claim.
>
> When we handle this scenario, there is a small concern
> that needs to be clarified.
>
> - When we analyzed the spec, we could not find any instance where it mentions
> the error message to display in such a scenario.
> In that case, shall we come up with a *new error message*?
> {"error_description":"custom description.","error":"custom_error"}
>
> - or throw a server exception and send the standard *server error*
> message?
> ex:
> {"error_description":"Internal Server Error.","error":"server_error"}
>
IMO what happens here is that the server cannot generate a valid IDToken.
"Internal Server Error" can properly describe this behavior, so it is better
to use that code; returning a custom code may cause interoperability issues
as well.
Thanks!
>
>
> Appreciate any input on how to proceed with this.
>
> [1]https://wso2.org/jira/browse/IDENTITY-6088
> [2]http://openid.net/specs/openid-connect-core-1_0.html#IDToken
>
> Thanks,
> --
> Denuwanthi De Silva
> Senior Software Engineer;
> WSO2 Inc.; http://wso2.com,
> Email: [email protected]
> Blog: https://denuwanthi.wordpress.com/
>
--
Sagara Gunathunga
Associate Director / Architect; WSO2, Inc.; http://wso2.com
V.P Apache Web Services; http://ws.apache.org/
Linkedin; http://www.linkedin.com/in/ssagara
Blog ; http://ssagara.blogspot.com
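
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not WSO2 Identity Server code: the mandatory claims are checked before anything is signed, the client receives only the standard `server_error` body, and the missing claim names go to the server log. The function names, the `sign` callback, the HTTP status values and the sample claims are assumptions made for the illustration.

```python
import logging

log = logging.getLogger("idtoken")

# Claims the thread lists as mandatory in an ID Token.
REQUIRED_CLAIMS = ("iss", "sub", "aud", "exp", "iat")

# Standard error body quoted in the thread.
SERVER_ERROR = {"error_description": "Internal Server Error.", "error": "server_error"}


def missing_required_claims(claims):
    """Return the mandatory claims that are absent or empty, in spec order."""
    return [name for name in REQUIRED_CLAIMS if claims.get(name) in (None, "", [])]


def token_response(claims, sign):
    """Return (http_status, body) for a token request (hypothetical helper).

    `claims` is what the grant handler produced; `sign` is a callback that
    turns a complete claim set into a signed ID Token. It is never called
    for an incomplete claim set, so no invalid token is ever issued.
    """
    missing = missing_required_claims(claims)
    if missing:
        # The detail stays in the server log; the client sees only the generic error.
        log.error("ID Token not issued, missing claims: %s", ", ".join(missing))
        return 500, dict(SERVER_ERROR)  # status code is an assumption
    return 200, {"id_token": sign(claims), "token_type": "Bearer"}


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    # Constructed claim set, as a custom grant type that omits "sub" might produce.
    constructed = {"iss": "https://idp.example", "aud": "client-1",
                   "exp": 1499175240, "iat": 1499171640}
    print(token_response(constructed, sign=lambda c: "signed-token-placeholder"))
```
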