Hi Roland/John, On Tue, Aug 29, 2017 at 1:55 PM, Roland Hedberg <rol...@catalogix.se> wrote:
> > > On Aug 8, 2017 7:49 AM, "Hasini Witharana" <hasinidila...@gmail.com> > wrote: > > Hi, > > > > Currently I am working with OpenID Connect Certification basic profile. > In the OP, I have configured some claims to be gained when the scope is > openid. When I send a authorization request with an essential claim I will > get all claims for openid and the essential claim. In the specifications > there is no, rule as It should return only the essential claim. > "OP-claims-essential" test is failing because unexpected claims are > returned. Can you please clarify this issue? > > Must be my long vacation :-) but I’m not sure I understand what you’re > saying here. > This is my interpretation. > > 1) you have an OP that returns a set of claims when the scope is ’openid’. > As John said that set should only be ’subject’ and ’issuer’. > Does the spec explicitely say so (i.e. the *'only'* part)? I couldn't find so anywhere. Would you mind pointing out where it is? Thanks and regards, Bhathiya > > 2) You run the ’OP-claims-essential’ test using the OpenID test tool. > This will send an authorization request including one essential claim > (’name’) > > So, you should expect to get back ’subject’, ’issuer’ and ’name’. > > Now, You say that the test fails due to ’unexpected claims’ being returned. > This means your OP returns more claims then these three. > I don’t know what the extra claims are but as John and Nat has pointed out > your OP MUST not return > claims that are not asked for. > > If my interpretation is right the test tool does exactly what it should. > > -- Roland > "Education is the path from cocky ignorance to miserable uncertainty.” - > Mark Twain > > > > > _______________________________________________ > specs mailing list > sp...@lists.openid.net > http://lists.openid.net/mailman/listinfo/openid-specs > >
_______________________________________________ specs mailing list sp...@lists.openid.net http://lists.openid.net/mailman/listinfo/openid-specs
