On Thu, Aug 10, 2017 at 5:15 PM, Hasini Witharana <hasi...@wso2.com> wrote:

> Hi,
> Currently I am working on making WSO2 IS OpenID Connect certified. I ran a
> test on requesting essential claims from OP, when the scope is openid. It
> gave an error saying unexpected claims returned.

This is not an error but a warning, correct?

> Then I inquired about this issue through the mailing list of OIDC
> specifications [1]. I got some information from that as openid scope
> should only return subject and issuer.
> IS 5.4.0 is supporting many claims for scope openid. They are:
>               sub, email, email_verified, name, family_name, given_name,
>               middle_name, nickname, preferred_username, profile, picture,
>               website, gender, birthdate, zoneinfo, locale, phone_number,
>               phone_number_verified, address, street, updated_at
> I couldn't find in the OIDC specification where it mentions that the openid
> scope should only return subject and issuer.

AFAIK, the spec has not specifically mentioned what we should return for
the openid scope; it only mentions what should be returned for the default
4 scopes. However, it is understandable that the test client expects a
minimum set of claims when having only the openid scope. If an RP needs
additional claims, it should request them by specifying additional scopes
and/or essential claims. So I think the correct behavior would be to return
only a minimal set of claims for the openid scope.

> Can you please help me on this issue?
> Thank you.
> [1] - http://lists.openid.net/pipermail/openid-specs/2017-August/subject.html
> --
> *Hasini Witharana*
> Software Engineering Intern | WSO2
> *Email : hasi...@wso2.com*
> *Mobile : +94713850143*


Omindu Rathnaweera
Senior Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
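
The behaviour suggested in the reply above, as an added example that is not part of the original thread or of WSO2 Identity Server: a claim is released only when a requested scope (OpenID Connect Core 1.0, section 5.4) or the "claims" request parameter (section 5.5) asks for it. The function names and the sample user record are assumptions made for illustration.

```python
# Added example: scope-to-claim mapping from OpenID Connect Core 1.0, section 5.4.
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}
# Only user claim implied by the bare "openid" scope; "iss" is added to the
# ID token by the OP itself and is not a user attribute.
ALWAYS = {"sub"}


def allowed_claims(scope, claims_request=None, target="userinfo"):
    """Claim names the OP may release for this request (hypothetical helper)."""
    scopes = set(scope.split())
    if "openid" not in scopes:
        raise ValueError("not an OpenID Connect request: 'openid' scope missing")
    allowed = set(ALWAYS)
    for s in scopes:
        allowed |= SCOPE_CLAIMS.get(s, set())  # unknown scopes add nothing
    # Individually requested claims (section 5.5), essential or voluntary.
    allowed |= set((claims_request or {}).get(target, {}) or {})
    return allowed


def release_claims(user, scope, claims_request=None, target="userinfo"):
    """Filter stored attributes down to what the RP actually requested."""
    allowed = allowed_claims(scope, claims_request, target)
    return {k: v for k, v in user.items() if k in allowed and v is not None}


def unexpected_claims(returned, scope, claims_request=None, target="userinfo"):
    """Claims present in a response that the request did not ask for."""
    return sorted(set(returned) - allowed_claims(scope, claims_request, target))


# Constructed sample user record, not real data.
USER = {"sub": "u-1001", "email": "alice@example.com", "email_verified": True,
        "name": "Alice Example", "given_name": "Alice", "phone_number": None}
# Constructed "claims" request parameter asking for one essential claim.
CLAIMS_REQ = {"userinfo": {"given_name": {"essential": True}}}

if __name__ == "__main__":
    print(release_claims(USER, "openid"))
    print(release_claims(USER, "openid", CLAIMS_REQ))
    print(unexpected_claims(USER, "openid", CLAIMS_REQ))
```
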