One School of thought (GDPR) is that you can only ask for claims that are required. That is why it is essential as all are required.
The openID scope should only return subject and issuer. You need to ask for the specific claims that you want if you don't want all the claims in a scope like profile. So it sounds like a bug in the test. John B. On Aug 8, 2017 7:49 AM, "Hasini Witharana" <hasinidila...@gmail.com <mailto:hasinidila...@gmail.com>> wrote: Hi, Currently I am working with OpenID Connect Certification basic profile. In the OP, I have configured some claims to be gained when the scope is openid. When I send a authorization request with an essential claim I will get all claims for openid and the essential claim. In the specifications there is no, rule as It should return only the essential claim. "OP-claims-essential" test is failing because unexpected claims are returned. Can you please clarify this issue? -- Hasini Witharana Undergraduate | Department of Computer Science and Engineering University of Moratuwa Linkedin <https://www.linkedin.com/in/hasini-witharana-185785109/> _______________________________________________ specs mailing list sp...@lists.openid.net <mailto:sp...@lists.openid.net> http://lists.openid.net/mailman/listinfo/openid-specs <http://lists.openid.net/mailman/listinfo/openid-specs>
Description: S/MIME Cryptographic Signature
_______________________________________________ specs mailing list sp...@lists.openid.net http://lists.openid.net/mailman/listinfo/openid-specs