On Wed, Sep 20, 2017 at 1:44 PM, Johann Nallathamby <[email protected]> wrote:

> I would like to see others' comments also.
>
> Since this is a spec violation do we need to be backward compatible? I
> would say we don't have to be. But I know we can have users who want like
> it to be a breaking change. So it's important what other IAM members think.
>

I have 2 points on this....

1. According to the OIDC spec this is a bug, so we have to fix it.

2. The real meaning of backward compatibility through a property is that
there is a mode in which IS continues to return invalid content. IMO it's
ok to break the clients who depend on invalid content; when they upgrade to
a newer version of IS they have to change that logic as a migration step.

Thanks !

>
> If we need to have a property we can have a blanket property for all such
> backward incompatible changes in IS 5.4.0 and allow the user to configure,
> without having one property for each change.
>
> Regards,
> Johann.
>
> On Wed, Sep 20, 2017 at 1:40 PM, Dinusha Senanayaka <[email protected]>
> wrote:
>
>> Yes, this can break existing clients which have parsed the current id_token
>> and are using these two values. One option is to introduce a new config to
>> keep the old format of id_token and, if the config value is switched, we
>> support the new format, which is compliant with the OIDC specification. We
>> can deprecate support for the old format after a few releases.
>>
>> Regards,
>> Dinusha
>>
>> On Wed, Sep 20, 2017 at 9:26 AM, Hasini Witharana <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> OIDC test suite has been updated and now new issues have come in basic
>>> profile (where response_type=code). The issues are given below.
>>>
>>> 1. OP-scope-email
>>>      In here email_verified is returned as a string in id_token and it
>>> should be a boolean value.
>>>
>>> 2. OP-scope-phone
>>>      In here phone_number_verified is returned as a string in id_token
>>> and it should be a boolean value.
>>>
>>> If we change these parameters to return boolean values, will the
>>> existing users get affected by that?
>>>
>>> Thank you.
>>> --
>>>
>>> *Hasini Witharana*
>>> Software Engineering Intern | WSO2
>>>
>>>
>>> *Email : [email protected]*
>>>
>>> *Mobile : +94713850143*
>>>
>>
>>
>>
>> --
>> Dinusha Dilrukshi
>> Technical Lead
>> WSO2 Inc.: http://wso2.com/
>> Mobile: +94764069991
>> Blog: http://dinushasblog.blogspot.com/
>>
>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+94777776950*
> Blog - *http://nallaa.wordpress.com*
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Sagara Gunathunga

Director; WSO2, Inc.;  http://wso2.com
V.P Apache Web Services;    http://ws.apache.org/
Linkedin; http://www.linkedin.com/in/ssagara
Blog ;  http://ssagara.blogspot.com
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
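
The client-side effect of the string-versus-boolean difference discussed in this thread, as an added example that is not part of the original messages or of WSO2 code. The payloads are constructed samples, the function names are hypothetical, and treating a missing claim as "not verified" is an assumption of this example.

```python
import json

VERIFIED_CLAIMS = ("email_verified", "phone_number_verified")

# Constructed id_token payloads (already decoded; signature checks are out of scope here).
LEGACY_PAYLOAD = '{"sub": "alice", "email_verified": "false", "phone_number_verified": "true"}'
COMPLIANT_PAYLOAD = '{"sub": "alice", "email_verified": false, "phone_number_verified": true}'


def parse_payload(raw: str) -> dict:
    """Parse a decoded id_token payload, keeping the JSON types as sent."""
    return json.loads(raw)


def naive_is_verified(claims: dict, name: str) -> bool:
    # Truthiness check: the non-empty string "false" evaluates to True,
    # so an unverified address is treated as verified.
    return bool(claims.get(name))


def read_verified(claims: dict, name: str, accept_legacy_strings: bool = False):
    """Return (verified, was_legacy_string).

    Strict mode accepts only JSON booleans. Migration mode also accepts the
    exact strings "true"/"false" and reports them so they can be logged.
    Assumption of this example: a missing claim counts as not verified.
    """
    value = claims.get(name, False)
    if isinstance(value, bool):
        return value, False
    if accept_legacy_strings and value in ("true", "false"):
        return value == "true", True
    raise ValueError(f"{name} must be a JSON boolean, got {type(value).__name__}")


if __name__ == "__main__":
    for label, raw in (("legacy", LEGACY_PAYLOAD), ("compliant", COMPLIANT_PAYLOAD)):
        claims = parse_payload(raw)
        for name in VERIFIED_CLAIMS:
            print(label, name,
                  "naive:", naive_is_verified(claims, name),
                  "migration:", read_verified(claims, name, accept_legacy_strings=True))
```

A client that relied on the string form can run in migration mode during the upgrade, alert on every `was_legacy_string` hit, and switch to strict mode once none remain.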
