Hi Gayan,

As I see it, Denuwanthi is talking about the scenario where the grant type
does generate an ID token. In that case, we need to validate that generated
ID token, where we need to make sure the mandatory fields are there.

On Thu, Jul 6, 2017 at 9:55 AM, Gayan Gunawardana <ga...@wso2.com> wrote:

> Hi Sagara, Denuwanthi,
>
> There are many ways to write a custom grant type. Even the ClientCredentials
> grant type can be extended to a custom grant type where we do not need to think
> about the ID token. If you can point to an exact example and explain the problem,
> it would be great.
>
> Thanks,
> Gayan
>
> On Tue, Jul 4, 2017 at 9:37 PM, Denuwanthi De Silva <denuwan...@wso2.com>
> wrote:
>
>> Thank you Sagara for the response.
>> Yes, as you mentioned, it seems logical to use the server error response.
>> I will proceed with that.
>>
>>
>> Thanks,
>>
>> On Tue, Jul 4, 2017 at 7:08 PM, Sagara Gunathunga <sag...@wso2.com>
>> wrote:
>>
>>>
>>>
>>> On Tue, Jul 4, 2017 at 6:54 PM, Denuwanthi De Silva <denuwan...@wso2.com
>>> > wrote:
>>>
>>>> Hi,
>>>>
>>>> In the OIDC spec, the following claims are mentioned as mandatory:
>>>> - iss
>>>> - sub
>>>> - aud
>>>> - exp
>>>> - iat
>>>>
>>>> Currently, as mentioned in jira [1], it is possible to write a custom
>>>> OAuth2 grant type which returns an ID token without the "sub" claim.
>>>>
>>>> When we handle this scenario, there is a small concern
>>>> that needs to be clarified.
>>>>
>>>> - When analyzing the spec, we could not find any instance where it
>>>> mentions the error message to display in such a scenario.
>>>> In that case, shall we come up with a *new error message*?
>>>> {"error_description":"custom description.","error":"custom_error"}
>>>>
>>>> - or throw a server exception and send the standard *server error*
>>>> message?
>>>> ex:
>>>> {"error_description":"Internal Server Error.","error":"server_error"}
>>>>
>>>
>>> IMO what happens here is that the server cannot generate a valid ID token.
>>> "Internal Server Error" can properly describe this behavior, so it is better to
>>> use that code; returning a custom code may cause interoperability issues as
>>> well.
>>>
>>> Thanks !
>>>
>>>>
>>>>
>>>> Appreciate any input on how to proceed with this.
>>>>
>>>> [1]https://wso2.org/jira/browse/IDENTITY-6088
>>>> [2]http://openid.net/specs/openid-connect-core-1_0.html#IDToken
>>>>
>>>> Thanks,
>>>> --
>>>> Denuwanthi De Silva
>>>> Senior Software Engineer;
>>>> WSO2 Inc.; http://wso2.com,
>>>> Email: denuwan...@wso2.com
>>>> Blog: https://denuwanthi.wordpress.com/
>>>>
>>>
>>>
>>>
>>> --
>>> Sagara Gunathunga
>>>
>>> Associate Director / Architect; WSO2, Inc.;  http://wso2.com
>>> V.P Apache Web Services;    http://ws.apache.org/
>>> Linkedin; http://www.linkedin.com/in/ssagara
>>> Blog ;  http://ssagara.blogspot.com
>>>
>>>
>>
>>
>> --
>> Denuwanthi De Silva
>> Senior Software Engineer;
>> WSO2 Inc.; http://wso2.com,
>> Email: denuwan...@wso2.com
>> Blog: https://denuwanthi.wordpress.com/
>>
>> _______________________________________________
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>
>
>


-- 

*Kasun Gajasinghe*, Associate Technical Lead, WSO2 Inc.
email: kasung AT spamfree wso2.com
linked-in: http://lk.linkedin.com/in/gajasinghe
blog: http://kasunbg.org
phone: +1 650-745-4499, 77 678 0813
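The check discussed in this thread, validating a freshly generated ID token for the mandatory OIDC claims and answering with the standard server_error response when it is not valid, written out as an added Python example. This is not code from the thread or from WSO2 Identity Server; it assumes an HS256-signed token and a constructed secret purely as a test fixture, and the claim names come from the OIDC Core spec linked above.

```python
import base64
import hashlib
import hmac
import json
import time

# ID token claims that OpenID Connect Core 1.0 (section 2) marks as REQUIRED.
REQUIRED_CLAIMS = ("iss", "sub", "aud", "exp", "iat")

# Standard OAuth2 error body returned when the server cannot produce a valid ID token.
SERVER_ERROR = {"error": "server_error", "error_description": "Internal Server Error."}


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_hs256_token(claims: dict, secret: bytes) -> str:
    """Mint a compact JWS (HS256) carrying `claims`. Used here only to create
    test fixtures (assumption); a real server would sign with its RS256/ES256 key."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def decode_claims(id_token: str, secret: bytes) -> dict:
    """Verify the HS256 signature and return the payload claims.
    Raises ValueError on any malformed or badly signed token."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part compact JWT")
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg") != "HS256":  # never accept 'none' or an unexpected alg
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(parts[1]))


def missing_mandatory_claims(claims: dict) -> list:
    """Return the REQUIRED claims that are absent, empty or of the wrong type."""
    missing = []
    for name in REQUIRED_CLAIMS:
        value = claims.get(name)
        if name in ("exp", "iat"):
            ok = isinstance(value, int) and not isinstance(value, bool)
        elif name == "aud":  # aud may be one string or a non-empty list of strings
            ok = (isinstance(value, str) and value != "") or (
                isinstance(value, list) and len(value) > 0
                and all(isinstance(a, str) for a in value))
        else:
            ok = isinstance(value, str) and value != ""
        if not ok:
            missing.append(name)
    return missing


def gate_id_token(id_token: str, secret: bytes):
    """Check a generated ID token before the grant handler releases it.
    Returns (None, None) when it may be sent, otherwise (http_status, error_body)."""
    try:
        claims = decode_claims(id_token, secret)
    except ValueError as exc:
        print(f"ID token rejected (malformed): {exc}")  # operator log only
        return 500, SERVER_ERROR
    missing = missing_mandatory_claims(claims)
    if missing:
        # Detail goes to the server log; the client only sees the generic server_error.
        print(f"ID token rejected, missing mandatory claims: {missing}")
        return 500, SERVER_ERROR
    return None, None


if __name__ == "__main__":
    secret = b"constructed-example-secret"  # fixture, not a real key
    now = int(time.time())
    good = build_hs256_token({"iss": "https://idp.example", "sub": "user-123",
                              "aud": "client-abc", "exp": now + 300, "iat": now}, secret)
    no_sub = build_hs256_token({"iss": "https://idp.example",
                                "aud": "client-abc", "exp": now + 300, "iat": now}, secret)
    print(gate_id_token(good, secret))    # (None, None)
    print(gate_id_token(no_sub, secret))  # (500, SERVER_ERROR)
```

The gate deliberately keeps the detail (which claim is missing) in the server log and returns only the generic server_error body to the client, which is the interoperability point Sagara raised: clients written against the spec already know how to handle server_error, whereas a custom error code would not be understood.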
