On Thu, Aug 10, 2017 at 5:15 PM, Hasini Witharana <hasi...@wso2.com> wrote:
> Hi, > > Currently I am working on making WSO2 IS OpenID Connect certified. I ran a > test on requesting essential claims from OP, when the scope is openid. It > gave an error saying unexpected claims returned. > This is not an error, but a warning correct ? > Then I inquired about this issue through the mailing list of OIDC > specifications [1]. I got some information from that as openid scope > should only return subject and issuer. > > IS 5.4.0 is supporting many claims for scope openid. They are : > sub,email,email_verified,name,family_name,given_name,middle_ > name,nickname, > > preferred_username,profile,picture,website,gender,birthdate,zoneinfo,locale, > > phone_number,phone_number_verified,address,street,updated_at > > I couldn't find In the OIDC specification where it mention that, openid > scope should only return subject and issuer. > AFAIK, the spec has not specifically mentioned about what we should return for the openid scope and it only mentions about the what should be returned for the default 4 scopes. However it is understandable that the test client expects a minimum set of claims when having only the openid scope. If an RP needs additional claims, it should request them with specifying additional scopes and/or essential claims. So I think the correct behavior would be to return only a minimal set of claims for the openid scope. > Can you please help me on this issue? > > Thank you. > > > [1] - http://lists.openid.net/pipermail/openid-specs/2017- > August/subject.html > > -- > > *Hasini Witharana* > Software Engineering Intern | WSO2 > > > *Email : hasi...@wso2.com <hasi...@wso2.com>* > > *Mobile : +94713850143 <+94%2071%20385%200143>[image: > http://wso2.com/signature] <http://wso2.com/signature>* > Regards, Omindu. -- Omindu Rathnaweera Senior Software Engineer, WSO2 Inc. Mobile: +94 771 197 211
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev