Thank you, Sagara, for the response.
Yes, as you mentioned, it seems logical to use the server error response.
Will proceed with that.


Thanks,

On Tue, Jul 4, 2017 at 7:08 PM, Sagara Gunathunga <sag...@wso2.com> wrote:

>
>
> On Tue, Jul 4, 2017 at 6:54 PM, Denuwanthi De Silva <denuwan...@wso2.com>
> wrote:
>
>> Hi,
>>
>> In the OIDC spec, the following claims are mentioned as mandatory.
>> -iss
>> -sub
>> -aud
>> -exp
>> -iat
>>
>> Currently, as mentioned in Jira [1], it is possible to write a custom OAuth2
>> grant type which returns an IDToken without the "sub" claim.
>>
>> When we handle this scenario, there is a small concern
>> that needs to be clarified.
>>
>> - When analyzing the spec, we could not find any instance where it mentions
>> the error message to display in such a scenario.
>> In that case, shall we come up with a *new error message*?
>> {"error_description":"custom description.","error":"custom_error"}
>>
>> - Or throw a server exception and send the standard *server error*
>> message?
>> e.g.:
>> {"error_description":"Internal Server Error.","error":"server_error"}
>>
>
> IMO what happens here is, the server cannot generate a valid IDToken. "Internal
> Server Error" can properly describe this behavior, so better to use that
> code; returning a custom code may cause interoperability issues as well.
>
> Thanks !
>
>>
>>
>> Appreciate any input on how to proceed with this.
>>
>> [1]https://wso2.org/jira/browse/IDENTITY-6088
>> [2]http://openid.net/specs/openid-connect-core-1_0.html#IDToken
>>
>> Thanks,
>> --
>> Denuwanthi De Silva
>> Senior Software Engineer;
>> WSO2 Inc.; http://wso2.com,
>> Email: denuwan...@wso2.com
>> Blog: https://denuwanthi.wordpress.com/
>>
>
>
>
> --
> Sagara Gunathunga
>
> Associate Director / Architect; WSO2, Inc.;  http://wso2.com
> V.P Apache Web Services;    http://ws.apache.org/
> Linkedin; http://www.linkedin.com/in/ssagara
> Blog ;  http://ssagara.blogspot.com
>
>


-- 
Denuwanthi De Silva
Senior Software Engineer;
WSO2 Inc.; http://wso2.com,
Email: denuwan...@wso2.com
Blog: https://denuwanthi.wordpress.com/
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
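
An added example, not part of the thread and not WSO2 Identity Server code: a minimal sketch of the agreed behaviour, where the claim set returned by a custom grant handler is checked for the five mandatory claims and the standard `server_error` body is sent if any is missing. The handler functions, the issuer URL, the subject value and the HTTP 500 status are assumptions made for illustration.

```python
import json
import time

# Claims the thread lists as mandatory in an OIDC ID Token.
MANDATORY_CLAIMS = ("iss", "sub", "aud", "exp", "iat")


class IDTokenBuildError(Exception):
    """Raised when a claim set cannot form a valid ID Token."""


def check_mandatory_claims(claims):
    """Return the claim set unchanged, or raise if a mandatory claim is absent or empty."""
    missing = [c for c in MANDATORY_CLAIMS if claims.get(c) in (None, "", [])]
    if missing:
        raise IDTokenBuildError("missing mandatory claim(s): " + ", ".join(missing))
    return claims


def token_response(grant_handler, request):
    """Run a grant handler (hypothetical callable) and build (status, body)."""
    try:
        claims = check_mandatory_claims(grant_handler(request))
    except IDTokenBuildError as exc:
        # Detail stays in the server log; the client only sees the standard code.
        print("ID Token not issued:", exc)
        body = {"error_description": "Internal Server Error.", "error": "server_error"}
        return 500, json.dumps(body)  # 500 is an assumption, not from the thread
    # Signing is out of scope; the validated claims stand in for the signed JWT.
    return 200, json.dumps({"id_token_claims": claims, "token_type": "Bearer"})


def custom_grant_without_sub(request):
    """Constructed custom grant handler that omits 'sub'."""
    now = int(time.time())
    return {"iss": "https://idp.example.com", "aud": request["client_id"],
            "exp": now + 3600, "iat": now}


def custom_grant_with_sub(request):
    """Constructed custom grant handler that sets every mandatory claim."""
    claims = custom_grant_without_sub(request)
    claims["sub"] = "user-123"  # constructed subject identifier
    return claims


if __name__ == "__main__":
    req = {"client_id": "client-abc"}  # constructed request
    print(token_response(custom_grant_without_sub, req))
    print(token_response(custom_grant_with_sub, req))
```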
