> On Aug 8, 2017 7:49 AM, "Hasini Witharana" <[email protected]> wrote:
> Hi,
> 
> Currently I am working with OpenID Connect Certification basic profile. In 
> the OP, I have configured some claims to be gained when the scope is openid. 
> When I send an authorization request with an essential claim I will get all 
> claims for openid and the essential claim. In the specifications there is no 
> rule that it should return only the essential claim. "OP-claims-essential" test 
> is failing because unexpected claims are returned. Can you please clarify 
> this issue?

Must be my long vacation :-) but I’m not sure I understand what you’re saying 
here.
This is my interpretation.

1) you have an OP that returns a set of claims when the scope is ’openid’.
As John said that set should only be ’subject’ and ’issuer’.

2) You run the ’OP-claims-essential’ test using the OpenID test tool.
This will send an authorization request including one essential claim (’name’)

So, you should expect to get back ’subject’, ’issuer’ and ’name’.

Now, you say that the test fails due to ’unexpected claims’ being returned.
This means your OP returns more claims than these three.
I don’t know what the extra claims are but as John and Nat have pointed out your 
OP MUST not return claims that are not asked for.

If my interpretation is right the test tool does exactly what it should.

-- Roland
"Education is the path from cocky ignorance to miserable uncertainty." - Mark 
Twain




_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
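The check discussed in this thread, as an added example that is not part of the original messages and is not the OpenID test tool's code: it derives the claims an authorization request asked for (scope values plus the `claims` request parameter) and reports anything a UserInfo response returns beyond that, plus any essential claim that is missing. The baseline of `sub` and `iss` for scope `openid` follows the thread; the URLs, client id, function names and claim values are constructed.

```python
import json
from urllib.parse import urlencode, urlsplit, parse_qs

# Claims requested by each standard scope value (OpenID Connect Core 1.0, section 5.4).
SCOPE_CLAIMS = {
    "profile": {"name", "family_name", "given_name", "middle_name", "nickname",
                "preferred_username", "profile", "picture", "website", "gender",
                "birthdate", "zoneinfo", "locale", "updated_at"},
    "email": {"email", "email_verified"},
    "address": {"address"},
    "phone": {"phone_number", "phone_number_verified"},
}
# Assumption taken from the thread: 'openid' alone yields only subject and issuer.
BASELINE = {"sub", "iss"}


def requested_claims(auth_request_url, location="userinfo"):
    """Return (allowed, essential) claim-name sets for one authorization request."""
    query = parse_qs(urlsplit(auth_request_url).query)
    allowed, essential = set(BASELINE), set()
    for scope in query.get("scope", [""])[0].split():
        allowed |= SCOPE_CLAIMS.get(scope, set())
    if "claims" in query:
        # The claims parameter is JSON keyed by delivery location (userinfo / id_token).
        members = json.loads(query["claims"][0]).get(location) or {}
        for name, opts in members.items():
            allowed.add(name)  # a null value is a plain (voluntary) request
            if isinstance(opts, dict) and opts.get("essential") is True:
                essential.add(name)
    return allowed, essential


def check_response(auth_request_url, returned, location="userinfo"):
    """Return (unexpected, missing_essential) as sorted lists of claim names."""
    allowed, essential = requested_claims(auth_request_url, location)
    got = set(returned)
    return sorted(got - allowed), sorted(essential - got)


# Constructed request: scope 'openid' plus one essential claim, 'name'.
SAMPLE_REQUEST = "https://op.example.com/authorize?" + urlencode({
    "response_type": "code", "scope": "openid", "client_id": "rp-test",
    "redirect_uri": "https://rp.example.com/cb",
    "claims": json.dumps({"userinfo": {"name": {"essential": True}}}),
})
GOOD = {"sub": "248289761001", "iss": "https://op.example.com", "name": "Jane Doe"}
OVERSHARING = dict(GOOD, email="jane@example.com", given_name="Jane")

if __name__ == "__main__":
    print(check_response(SAMPLE_REQUEST, GOOD))         # nothing to report
    print(check_response(SAMPLE_REQUEST, OVERSHARING))  # extra claims flagged
```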
