On Thu, Jul 6, 2017 at 9:55 AM, Gayan Gunawardana <[email protected]> wrote:
> Hi Sagara, Denuwanthi,
>
> There are many ways to write a custom grant type. Even the ClientCredentials
> grant type can be extended to a custom grant type where you do not need to
> think about the ID token. If you can point to an exact example and explain
> the problem, it would be great.
>

You can try the default sample mentioned in our docs [1].

[1] - https://docs.wso2.com/display/IS530/Writing+a+Custom+OAuth+2.0+Grant+Type

Thanks!

>
> Thanks,
> Gayan
>
> On Tue, Jul 4, 2017 at 9:37 PM, Denuwanthi De Silva <[email protected]>
> wrote:
>
>> Thank you Sagara for the response.
>> Yes, as you mentioned it means logical to use the server error response.
>> Will proceed with that.
>>
>> Thanks,
>>
>> On Tue, Jul 4, 2017 at 7:08 PM, Sagara Gunathunga <[email protected]>
>> wrote:
>>
>>> On Tue, Jul 4, 2017 at 6:54 PM, Denuwanthi De Silva <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> In the OIDC spec, the following claims are mentioned as mandatory.
>>>> -iss
>>>> -sub
>>>> -aud
>>>> -exp
>>>> -iat
>>>>
>>>> Currently, as mentioned in jira [1], it is possible to write a custom
>>>> OAuth2 grant type which returns an IDToken without the "sub" claim.
>>>>
>>>> When we handle this scenario, there is a small concern
>>>> that needs to be clarified.
>>>>
>>>> - When we analyze the spec, we could not find any instance where it
>>>> mentions the error message to display in such a scenario.
>>>> In that case, shall we come up with a *new error message*?
>>>> {"error_description":"custom description.","error":"custom_error"}
>>>>
>>>> - or throw a server exception and send the standard *server error*
>>>> message?
>>>> ex:
>>>> {"error_description":"Internal Server Error.","error":"server_error"}
>>>>
>>>
>>> IMO what happens here is, the server cannot generate a valid IDToken.
>>> "Internal Server Error" can properly describe this behavior so better to
>>> use that code, returning a custom code may cause interoperability issues
>>> as well.
>>>
>>> Thanks!
>>>
>>>>
>>>> Appreciate any input on how to proceed with this.
>>>>
>>>> [1] https://wso2.org/jira/browse/IDENTITY-6088
>>>> [2] http://openid.net/specs/openid-connect-core-1_0.html#IDToken
>>>>
>>>> Thanks,
>>>> --
>>>> Denuwanthi De Silva
>>>> Senior Software Engineer;
>>>> WSO2 Inc.; http://wso2.com,
>>>> Email: [email protected]
>>>> Blog: https://denuwanthi.wordpress.com/
>>>>
>>>
>>> --
>>> Sagara Gunathunga
>>>
>>> Associate Director / Architect; WSO2, Inc.; http://wso2.com
>>> V.P Apache Web Services; http://ws.apache.org/
>>> Linkedin; http://www.linkedin.com/in/ssagara
>>> Blog ; http://ssagara.blogspot.com
>>>
>>
>> --
>> Denuwanthi De Silva
>> Senior Software Engineer;
>> WSO2 Inc.; http://wso2.com,
>> Email: [email protected]
>> Blog: https://denuwanthi.wordpress.com/
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: [email protected]
> Mobile: +94 (71) 8020933
>

--
Sagara Gunathunga

Associate Director / Architect; WSO2, Inc.; http://wso2.com
V.P Apache Web Services; http://ws.apache.org/
Linkedin; http://www.linkedin.com/in/ssagara
Blog ; http://ssagara.blogspot.com
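
The approach the thread settles on, sketched as an added example (not WSO2 Identity Server code and not written by anyone in the thread): the token endpoint checks the mandatory ID token claims before signing and, when one is missing, returns the standard server_error body while the detail stays in the server log. The function names, the HS256 stand-in signer, the HTTP 500 status and the sample values are assumptions.

```python
import base64, hashlib, hmac, json, time

REQUIRED_CLAIMS = ("iss", "sub", "aud", "exp", "iat")  # mandatory per the thread


def missing_claims(claims):
    """Names of mandatory claims that are absent or empty."""
    return [c for c in REQUIRED_CLAIMS if claims.get(c) in (None, "", [])]


def sign_hs256(claims, key):
    """Compact JWS with HS256; an assumed stand-in for the server's real signer."""
    b64 = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=")
    head = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps(claims).encode())
    sig = b64(hmac.new(key, head + b"." + body, hashlib.sha256).digest())
    return b".".join((head, body, sig)).decode()


def token_response(access_token, claims, key, audit_log):
    """Return (http_status, json_body) for a token request (hypothetical helper)."""
    missing = missing_claims(claims)
    if missing:
        # Detail goes to the server log only; the client sees the standard code.
        audit_log.append("ID token not issued, missing claims: " + ",".join(missing))
        return 500, json.dumps({"error": "server_error",
                                "error_description": "Internal Server Error."})
    return 200, json.dumps({"access_token": access_token, "token_type": "Bearer",
                            "id_token": sign_hs256(claims, key)})


# Constructed sample: claims as a custom grant handler might hand them over.
NOW = int(time.time())
GOOD = {"iss": "https://idp.example", "sub": "alice", "aud": "client-1",
        "exp": NOW + 3600, "iat": NOW}
NO_SUB = {k: v for k, v in GOOD.items() if k != "sub"}

if __name__ == "__main__":
    log = []
    for sample in (GOOD, NO_SUB):
        print(token_response("constructed-access-token", sample, b"demo-key", log))
    print(log)
```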
