If it is a bug in the test, should I report it as a git hub issue?
I can't find in the OpenID Connect specifications, where it says that
openid scope should only return subject and issuer. If I configured in OP
to return some other claim like name for openid scope other than subject
and issuer, will it be a spec violation?
On Tue, Aug 8, 2017 at 6:26 PM, John Bradley <jbrad...@wingaa.com> wrote:
> One School of thought (GDPR) is that you can only ask for claims that are
> required. That is why it is essential as all are required.
> The openID scope should only return subject and issuer. You need to ask
> for the specific claims that you want if you don't want all the claims in a
> scope like profile.
> So it sounds like a bug in the test.
> John B.
> On Aug 8, 2017 7:49 AM, "Hasini Witharana" <hasinidila...@gmail.com>
> Currently I am working with OpenID Connect Certification basic profile. In
> the OP, I have configured some claims to be gained when the scope is
> openid. When I send a authorization request with an essential claim I will
> get all claims for openid and the essential claim. In the specifications
> there is no, rule as It should return only the essential claim.
> "OP-claims-essential" test is failing because unexpected claims are
> returned. Can you please clarify this issue?
> *Hasini Witharana*
> Undergraduate | Department of Computer Science and Engineering
> University of Moratuwa
> Linkedin <https://www.linkedin.com/in/hasini-witharana-185785109/>
> specs mailing list
Undergraduate | Department of Computer Science and Engineering
University of Moratuwa
specs mailing list