Hi Sagara, Denuwanthi,

There are many ways to write a custom grant type. Even the ClientCredentials
grant type can be extended into a custom grant type where you do not need to
think about the ID token. If you can point to the exact example and explain the
problem, it would be great.

Thanks,
Gayan

On Tue, Jul 4, 2017 at 9:37 PM, Denuwanthi De Silva <[email protected]>
wrote:

> Thank you Sagara for the response.
> Yes, as you mentioned, it seems logical to use the server error response.
> Will proceed with that.
>
>
> Thanks,
>
> On Tue, Jul 4, 2017 at 7:08 PM, Sagara Gunathunga <[email protected]> wrote:
>
>>
>>
>> On Tue, Jul 4, 2017 at 6:54 PM, Denuwanthi De Silva <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> In the OIDC spec, the following claims are mentioned as mandatory.
>>> -iss
>>> -sub
>>> -aud
>>> -exp
>>> -iat
>>>
>>> Currently, as mentioned in jira [1], it is possible to write a custom
>>> OAuth2 grant type which returns an IDToken without the "sub" claim.
>>>
>>> When we handle this scenario, there is a small concern
>>> that needs to be clarified.
>>>
>>> - When we analyzed the spec, we could not find any instance where it
>>> mentions the error message to display in such a scenario.
>>> In that case, shall we come up with a *new error message*?
>>> {"error_description":"custom description.","error":"custom_error"}
>>>
>>> - or throw a server exception and send the standard *server error*
>>> message?
>>> ex:
>>> {"error_description":"Internal Server Error.","error":"server_error"}
>>>
>>
>> IMO what happens here is that the server cannot generate a valid IDToken.
>> "Internal Server Error" can properly describe this behavior, so it is better to
>> use that code; returning a custom code may cause interoperability issues as
>> well.
>>
>> Thanks !
>>
>>>
>>>
>>> Appreciate any input on how to proceed with this.
>>>
>>> [1]https://wso2.org/jira/browse/IDENTITY-6088
>>> [2]http://openid.net/specs/openid-connect-core-1_0.html#IDToken
>>>
>>> Thanks,
>>> --
>>> Denuwanthi De Silva
>>> Senior Software Engineer;
>>> WSO2 Inc.; http://wso2.com,
>>> Email: [email protected]
>>> Blog: https://denuwanthi.wordpress.com/
>>>
>>
>>
>>
>> --
>> Sagara Gunathunga
>>
>> Associate Director / Architect; WSO2, Inc.;  http://wso2.com
>> V.P Apache Web Services;    http://ws.apache.org/
>> Linkedin; http://www.linkedin.com/in/ssagara
>> Blog ;  http://ssagara.blogspot.com
>>
>>
>
>
> --
> Denuwanthi De Silva
> Senior Software Engineer;
> WSO2 Inc.; http://wso2.com,
> Email: [email protected]
> Blog: https://denuwanthi.wordpress.com/
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Gayan Gunawardana
Senior Software Engineer; WSO2 Inc.; http://wso2.com/
Email: [email protected]
Mobile: +94 (71) 8020933
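
Added example (not part of the original thread and not WSO2 code): a guard that checks the mandatory ID token claims listed above before a token is issued, and falls back to the standard server_error body when a custom grant handler leaves one out. The function names, the HTTP 500 status and the sample claim values are assumptions made for illustration.

```python
import json
import logging

log = logging.getLogger("idtoken.guard")  # hypothetical logger name

REQUIRED = ("iss", "sub", "aud", "exp", "iat")  # mandatory claims listed in the thread


def claim_problems(claims):
    """Return the reasons this claim set is not a valid ID token payload."""
    problems = [f"missing {c}" for c in REQUIRED if claims.get(c) in (None, "", [])]
    if problems:
        return problems
    for name in ("iss", "sub"):
        if not isinstance(claims[name], str):
            problems.append(f"{name} must be a string")
    # OIDC Core limits "sub" to 255 characters.
    if isinstance(claims["sub"], str) and len(claims["sub"]) > 255:
        problems.append("sub must not exceed 255 characters")
    aud = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
    if not all(isinstance(a, str) and a for a in aud):
        problems.append("aud must be a string or a list of strings")
    times = (claims["exp"], claims["iat"])
    if any(isinstance(t, bool) or not isinstance(t, (int, float)) for t in times):
        problems.append("exp and iat must be numeric timestamps")
    elif claims["exp"] <= claims["iat"]:
        problems.append("exp must be later than iat")
    return problems


def token_response(claims):
    """Return (http_status, json_body) for a grant handler's claim set."""
    problems = claim_problems(claims)
    if problems:
        # Detail stays in the server log; the client sees only the standard error.
        log.error("refusing to issue ID token: %s", "; ".join(problems))
        body = {"error": "server_error", "error_description": "Internal Server Error."}
        return 500, json.dumps(body)  # status 500 is an assumption of this example
    # Signing is out of scope; the validated claims stand in for the signed JWT.
    return 200, json.dumps({"token_type": "Bearer", "id_token_claims": claims})


# Constructed sample: a custom grant handler's output with no "sub" claim.
NO_SUB = {"iss": "https://idp.example", "aud": "client-1",
          "exp": 1499190000, "iat": 1499186400}
GOOD = dict(NO_SUB, sub="user-42")
```

The specific reason ("missing sub") is written to the server log only, so the client-facing body stays identical to the standard error shown in the thread.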